Feb 21 2018 01:47 AM - edited Feb 21 2018 02:27 AM
Hi
I have inherited an existing on-premises farm infrastructure that consists of a pair of load-balanced SharePoint 2016 WFEs, each having a single Office Online Server (OOS) instance. The Office Online Servers are currently not load balanced, which I think is starting to bite me!
Yesterday, I successfully deployed and configured each OOS instance and created a WOPI binding to the WFE hosted locally, as per the single instance configuration documented in Deploy Office Online Server. To test out HTTPS, I created a self-cert on each OOS instance, which I exported to the relevant WFE. Finally, I RDPed onto each WFE and happily rendered an Office document.
However, when I repeat the same test on my client PC, of course the WOPI binding for each server is blocked, as the WFEs are not on the same subnet as the client PC :( .
I need to reconfigure the OOS farm and/or change the WOPI bindings. I suspect I will need to create the OOS farm with a load balancer. Note, we don't really need HA in the case of OOS as this will have a light workload, and also there are no plans to open up SharePoint on-premises to external users.
Any advice is very welcome.
Feb 21 2018 09:17 AM
Feb 21 2018 11:15 AM - edited Feb 21 2018 11:19 AM
Thanks, I rechecked my config this morning and discovered a couple of things
If I put in an RFC tomorrow, then apart from ports 80 and 443, are there other ports OOS needs to communicate with clients that you can think of?
We do have the option of an internal CA, but I have been testing with self-certs, which I export as ".cer" and import into the Trusted Hosts on each of the WFEs. I assume this is ok.
Looking at DNS with entries per OOS versus a load balancer - going to test with the single instances (each bound to a single WFE) when the rules are in place and give the business the option.
Feb 21 2018 11:31 AM
Feb 21 2018 12:04 PM
OK, let's clarify things from my perspective. The client is any intranet user who needs to render an Office document that is hosted on premises - they don't need a cert import as far as I know. I have only exported the cert created on an OOS instance onto the WFE in the same data centre. Repeat this config per data centre.
When I refer to the OOS farm, I mean going on to each OOS instance and running
New-OfficeWebAppsFarm -InternalUrl "https://oosa.contoso.com" -ExternalUrl "https://oosa.contoso.com" -CertificateName "OfficeWebApps Certificate" -EditingEnabled
Then repeating for the other OOS instance (oosb.contoso.com). I don't think it is possible to configure a multi-server OOS farm as there is currently no LB IP address available.
Feb 21 2018 12:11 PM
Feb 21 2018 12:21 PM - edited Feb 21 2018 12:24 PM
I think you are right. I did the single host config just to get a demo working. However, with a bit more effort, I could configure one of the LBs and create a multi-server OOS farm, to be shared across SFB, Exchange and the other SharePoint farms (SP2016 dev, SP2013). Thanks, I will mention this to the team tomorrow.
Feb 21 2018 12:23 PM
Feb 21 2018 12:27 PM
@Trevor Seward wrote:
If you go multiple server, you will want to have a trusted cert (internal or public). You need to have a subject name of the FQDN of the deployment (e.g. office.example.com) with multiple SANs. The first will match the subject name, the subsequent will be the FQDN of the Office Online Servers within your deployment (e.g. oos01.corp.example.com, oos02.corp.example.com, etc).
I understand ... let's hope the business agrees to this. I think this is the way we should go. Thanks for your help.
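
Added example, not part of the thread and not written by any of the posters: a PowerShell check that a certificate meets the naming rules in the quoted reply (subject name equal to the farm FQDN, first SAN matching the subject, one SAN per OOS server) and that its chain validates on the machine where the check runs. `Test-OosFarmCertificate` is a hypothetical helper name, the FQDNs are the illustrative ones from the quote, and the SAN parsing assumes Windows with English-locale formatting.

```powershell
# Added example. Test-OosFarmCertificate is a hypothetical helper, not an OOS cmdlet.
# Assumes Windows with English-locale SAN formatting ("DNS Name=...").
function Test-OosFarmCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$FarmFqdn,
        [Parameter(Mandatory)][string[]]$ServerFqdn
    )
    $problems = @()

    # Subject name must be the FQDN of the deployment.
    $cn = $Certificate.GetNameInfo('SimpleName', $false)
    if ($cn -ne $FarmFqdn) { $problems += "Subject '$cn' is not '$FarmFqdn'" }

    # DNS entries from the Subject Alternative Name extension (OID 2.5.29.17).
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sans = @()
    if ($sanExt) {
        $sans = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
        })
    }
    if ($sans.Count -eq 0) {
        $problems += 'No DNS names in the SAN extension'
    } elseif ($sans[0] -ne $FarmFqdn) {
        $problems += "First SAN '$($sans[0])' does not match the subject name"
    }
    foreach ($server in $ServerFqdn) {
        if ($sans -notcontains $server) { $problems += "SAN missing for $server" }
    }

    # "Trusted" here means the chain validates on the machine running the check.
    if (-not $Certificate.Verify()) { $problems += 'Chain does not validate on this machine' }

    [pscustomobject]@{ IsValid = ($problems.Count -eq 0); SanDnsNames = $sans; Problems = $problems }
}

# Usage with the example names from the quoted reply and the friendly name used in the thread.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'OfficeWebApps Certificate' } | Select-Object -First 1
if ($cert) {
    Test-OosFarmCertificate -Certificate $cert -FarmFqdn 'office.example.com' `
        -ServerFqdn 'oos01.corp.example.com', 'oos02.corp.example.com'
}
```

Running the same check on a WFE as well as on the OOS servers shows whether the chain validates from the SharePoint side, which is where the WOPI calls originate.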