Alerts using the Default Zone URL

I am sure a lot of people have had this issue or face it. As a couple of service applications required the NT Auth in default zone of the web application, i.e., the search for them is a big one. I setup a Web App with two zones,

  1. Default Zone with NTLM
  2. Intranet zone with FBA/ADFS authentication


Now we encounter an issue when I setup a document library and configure the alerts on it I get the welcome email which is using the correct zone(intranet) URL but once I upload / delete /edit documents I get the alert but,this time, it is using the default zone URL. Even workflows are using the same default zone URL.

This is the expected behavior for SharePoint alerts and has been the behavior since Alternate Access Mappings was introduced. Because SharePoint doesn't know the appropriate zone context for the user receiving the alert, it defaults to using the Default zone.


I found a couple of workarounds, I.e., configure the dual authentication in default zone, it will just give an extra click for the user, or you can customize the login URL to bypass the NT auth. Or use some custom code etc. But in my case, these did not work.


Finally, I found an article on the Technet about Configure external access for mobile devices in SharePoint 2013. This article talks about how to make SharePoint sites available for mobile devices when the devices are used outside the corporate firewall. But we are in the same Intranet Zone, how can this benefit us,

A cross-firewall access zone is used to generate external PC and mobile URLs in mobile alert messages and enables users to send an externally available URL when they click the E-mail a link or Alert Me button on the ribbon.

So easy steps are,

To configure a cross-firewall access zone,

  1. Verify that you have the following administrative credentials:

    • You must be a member of the Farm Administrators group.

  2. In Central Administration, click System Settings.

  3. On the System Settings page, under Farm Management, click Configure cross firewall access zone.

  1. On the Cross Firewall Access Zone page, in Web Application, in the Web Application list, select the web application that is published across the firewall.

  2. In Cross Firewall Access Zone, in the Zone selection for cross firewall access list, select the zone that is published across the firewall.

  1. Hey itworked. It's so simple, I can't believe it.