Microsoft Office SharePoint Portal Server 2003 Service Pack 2 (SP2) is now available from the Microsoft Download Center. SharePoint Portal Server 2003 SP2 includes hotfixes that have been released since the release of Service Pack 1 and the following changes:

• Support for Kerberos security protocol. Kerberos is turned on by default in SharePoint Portal Server 2003 SP2.
• Support for 64-bit servers.
• Support for Microsoft ASP.NET 2.0.
• Support for IP-bound virtual servers.
• Support for SQL Server 2005.
• Increased support for extranet scenarios with off-box SSL termination, reverse proxy, and alternate URLs.
• Support for crawling and searching Lotus Notes R6.
• Support for installing QFEs that update SQL procedures and binary files in one step.

Kerberos Authentication Turned On by Default

Earlier releases of SharePoint Portal Server changed the default authentication method from Kerberos authentication to NTLM authentication. SharePoint Portal Server 2003 SP2 does not change the default IIS authentication settings.

The ability to choose either Kerberos authentication or NTLM authentication is available in both the SharePoint Central Administration application and the stsadm.exe command-line utility. You choose an authentication type when you create the SharePoint Central Administration virtual server, extend a virtual server, or extend a virtual server and map it to an existing virtual server.

For the stsadm.exe command line, there is a new optional parameter: exclusivelyusentlm. If this parameter is not specified, then the virtual server is not modified and retains its original authentication configuration, which, by default, is Kerberos authentication.

Support for 64-bit Operating Systems

SharePoint Portal Server 2003 SP2 can run on x64-based versions of Microsoft Windows Server 2003, but Microsoft Internet Information Services (IIS) must be running in 32-bit emulation mode. You can specify 32-bit emulation mode for IIS by using the adsutil.vbs utility from the command prompt.

Support for ASP.NET 2.0

Office SharePoint Portal Server 2003 SP2 allows ASP.NET 2.0 to be installed and enabled in the web service extensions in IIS. Note, however, that all SharePoint sites must be configured to use ASP.NET 1.1. Attempting to run a SharePoint Portal Server 2003 Web application under ASP.NET 2.0 may cause unexpected results.

For more information about this issue, including how to verify your SharePoint sites are running ASP.NET 1.1, see Microsoft Knowledge Base article KB 907763: SharePoint Portal Server 2003 must use ASP.NET 1.1.

Support for IP-Bound Virtual Servers

Previous releases of SharePoint Portal Server did not support assigning static IP addresses to IIS virtual servers extended with SharePoint Portal Server. Instead, it was required that you use host headers and configure all virtual servers with an IP address setting of All Unassigned.

This limitation, as described in Knowledge Base article KB 830342: "Soap:Server Exception of Type Microsoft.SharePoint.SoapServer.SoapServerException", prevented the ability to host multiple virtual servers with Secure Sockets Layer (SSL) on one Web server. In Office SharePoint Server 2003 SP2, this limitation has been removed, and SharePoint Portal Server now supports assigning a static IP address to a virtual server that has been extended with SharePoint Portal Server.

Support for SQL Server 2005

SharePoint Portal Server now supports Microsoft SQL Server 2005 as the data storage engine in place of Microsoft SQL Server 2000 Desktop Engine (MSDE). Additionally, if you install SharePoint Portal Server with MSDE on a single server, you can later switch to using SQL Server 2005 for data storage. The migration procedure is described in the topic Migrating from MSDE to SQL Server. If, for some reason, the upgrade to the database fails, corrective action must be taken on the machine. For more information about the fix see Microsoft Knowledge Base article KB 907308: You cannot restart a SharePoint Portal Server 2003 database upgrade.

Support for Reverse Proxy, Alternate URL, and SSL Termination

Organizations that want to implement extranet deployments for SharePoint Portal Server often use a reverse proxy and load balancers to protect and manage access to the virtual server front ends. This type of configuration could change the host header (protocol, host, or port) received by SharePoint Portal Server. Several functions within SharePoint Portal Server generate links and e-mail messages based on the host header received from the client. If the host header was changed, the wrong URL is returned to the client.

SharePoint Portal Server, prior to Service Pack 2, did not support the type of advanced extranet configuration described here. Configurations that changed the protocol, host header, or port caused SharePoint Portal Server to return the wrong URL to the client. This is because SharePoint Portal Server generated replies based on the host header (protocol, host, and port) received in the client request.

With Service Pack 2, reverse proxy, alternate URL, and off-box SSL termination are all supported.

To demonstrate how this advanced extranet configuration behaved prior to SharePoint Portal Server SP2, the following example describes the process of a client request being sent over SSL that is terminated on a reverse proxy server, as shown in the following figure.

1. In SSL termination, the client sends a request to the server using SSL. In this example, the URL is https://adatum.com.
2. The reverse proxy server converts the host header in this request from SSL (HTTPS) to HTTP (non-SSL) and passes it to the SharePoint server as http://adatum.com.
3. Because SharePoint Portal Server received the request as an HTTP request, it generates and returns HTTP links rather than HTTPS (SSL) links on the page that will be returned to the client. In this example, SharePoint Portal Server uses http://adatum.com in the host header.
4. The reverse proxy server then converts the reply back into HTTP and sends it back to the client. However, the links on the reply page will be HTTP links, which are incorrect for the user because they need to be HTTPS links

SharePoint Portal Server 2003 SP2 solves this problem by providing support for advanced extranet configurations. However, this support is not enabled by default. To enable this support, you must use the following command line operations, which are new with SharePoint Portal Server 2003 SP2, to map the incoming URL and substitute the outgoing URL.

The new command line operations supported in stsadm.exe are:

• Addalternatedomain
• Addzoneurl
• Enumalternatedomains
• Enumzoneurls
• Deletealternatedomain
• Deletezoneurl

The following sections describe these command line operations.

Addalternatedomain

Configures the incoming URL and maps it to a URL zone. For each HTTP request, SharePoint Portal Server looks up the incoming URL and determines which zone will be used to format the outgoing response. Note that you can perform a separate zone mapping for each virtual server.

Example Syntax:

stsadm.exe –o addalternatedomain –url http://sharepoint:1234 –urlzone default –incomingurl http://sharepoint.internal.adatum.com:1234

The following table describes the properties associated with this command line operation.

 Note   SharePoint Portal Server uses a linear search to look-up the URL. If too many incoming URLs are added, performance could be affected.

Addzoneurl

Adds a URL to a zone and specifies the URL to return to the client.

Example Syntax:

stsadm.exe –o Addzoneurl –url http://sharepoint:1234 –urlzone default –zonemappedurl http://www.adatum.com

 Note   There can be only one outgoing URL per URL zone. This example uses the default URL zone.

The following table describes the properties associated with this command line operation.

Enumalternatedomains

Lists the incoming URLs and to which URL zones and outgoing URLs they are mapped.

Example Syntax:

stsadm.exe –o enumalternatedomains –url http://sharepoint:1234

The following table describes the property associated with this command line operation.

Enumzoneurls

Lists the outgoing URLs and to which URL zones they are mapped.

Example Syntax:

stsadm.exe –o enumzoneurls –url http://sharepoint:1234

The following table describes the property associated with this command line operation.

Deletealternatedomain

Deletes an incoming URL from a URL zone.

Example Syntax:

stsadm.exe –o deletealternatedomain -url http://sharepoint:1234 -incomingurl http://sharepoint.internal.adatum.com:1234

The following table describes the properties associated with this command line operation.

Deletezoneurl

Deletes an outgoing URL from a URL zone.

Example Syntax:

stsadm.exe –o deletezoneurl -url http://sharepoint:1234 –urlzone default

The following table describes the properties associated with this command line operation.

 Important   After using command line operations to add or delete URLs, you must restart IIS on each server running SharePoint Portal Server in your server farm for your changes to take effect. To restart IIS, from the command prompt, use the following syntax from the command prompt: iisreset.exe /noforce

For more information about how SharePoint Portal Server 2003 SP2 supports SSL termination, see KB 917064: How to configure SharePoint Portal Server 2003 for off-box SSL termination by using ISA Server 2004.

Support for Crawling and Searching Lotus Notes

SharePoint Portal Server 2003 SP2 supports crawling and searching content in , Lotus Notes release 6.