Consider you have a one Web Application with at least two zones. The extranet zone (http://sp2016 in this example) and an intranet zone (http:sp2016:100 in this example). The cross firewall zone is the intranet zone (http:sp2016:100 in this example). Notice that this is an unusual scenario as extranet is the natural candidate to the cross firewall access zone.
A user with access to the extranet site navigates to a document library on the zone where he/she has access, and then add an alert for all changes for a document. The first e-mail will point to the zone where customer created the alert, subsequent alerts will point to the intranet zone which user cannot access from the extranet.
Steps to reproduce
- Go to Library ribbon –> Alert me -> Set alert on this library
- The first e-mail will point to http://sp2016
- When a change occurs in the document the new alerts will point to the Cross Firewall Access zone (http://sp2016:100 in this example) .
This is by design in 2013 and 2016 but it breaks with the behavior when compared to SharePoint 2010 which would send an e-mail based on where it was created.
In SharePoint 2010 the alert link goes unmodified pointing to the location it was created. In 2013 and 2016, the direct link was modified and the link goes mediated by Redirect.aspx which will reroute the call to the Cross Firewall Access Zone.
It is possible to override the behavior by enabling a special flag in the Farm. Below is the PowerShell script to do so.