Jesper M. Christensen

SharePoint and Security

Post me your SharePoint kerberos errors


Hello everyone,

I am currently collecting error messages and if you have some please post them on this blog-post. Please describe your environment, what you are are trying to accomplish and the errors on the different servers. If you have errors and solutions that would be appreciated also J

Hope to see and solve some problems,

Thanks
Jesper

Advertisements

5 responses to “Post me your SharePoint kerberos errors

  1. Murad December 6, 2008 at 00:05

    Hi Jesper I was reading your article on how to setup Kerberos for SharePoint(http://www.windowsecurity.com/articles/Kerberos-Sharepoint-Environment.html) and I was wondering if you could explain as to why I need to enable delegation on the computer accounts (MOSS FEW servers and SQL server)? I understand that the app pool account should have this "enable for delegation" option checked in AD because it needs to pass the ticket, but no where I can find why the computer account should also have this enabled. Is there anything internal to MOSS that runs as a local service? When does the computer account comes in the picture where it needs to use delegation?I would really appreciate if you or someone from your team can shed some light on this requirement and also point me to a Microsoft article that talks about this in detail.ThanksMurad Akram

  2. Vamsi April 29, 2009 at 18:25

    Jesper,Your article helped us in our Kerberos delegation implementation in a farm environment.We got Kerberos Delegation to work in DEV, but ran into an issue in STAGE. In STAGE, all servers and client computers are in sub domain, where as service accounts and user accounts are in Parent domain. We get the following error, (when connecting to SSAS) and we assume this is due to inter domain trust issue with Kerberos delegation. Please provide your valuable input.Error is: The following system error occurred: The security database on the server does not have a computer account for this workstation trust relationship. .

  3. Vamsi May 1, 2009 at 20:55

    UPDATE: We fixed the problem. SSAS service account SPN was wrong. It had port number in it. SSAS SPNs should not have port numbers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: