Options
What it's like to work in IT
RobertKaucher
Member Posts: 4,299 ■■■■■■■■■■
in Off-Topic
This week I had set up our production servers for the migration to SharePoint 2010. I have done this so many times I could do it in my sleep.
We need to use Kerberos Constrained Delegation with ISA 2006. Now setting that up is quite easy but can be complex when something goes wrong. This time I just could not get the Kerberos auth to work. Nothing I did fixed it. I checked everything - except for a duplicate SPN.
This is is how I feel:
http://basicinstructions.squarespace.com/storage/wallpapers/lb1600x1200.jpg
We need to use Kerberos Constrained Delegation with ISA 2006. Now setting that up is quite easy but can be complex when something goes wrong. This time I just could not get the Kerberos auth to work. Nothing I did fixed it. I checked everything - except for a duplicate SPN.
setspn -xfound the problem. I had left the SPN registered after my previous test.
This is is how I feel:
http://basicinstructions.squarespace.com/storage/wallpapers/lb1600x1200.jpg
Comments
-
OptionsBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□Dude I kid you not I had almost the exact same problem this week on a server 2008 r2 box. IIS wasn't authenticating to AD correctly. Busted out Wireshark to see what packets weren't going. Read the rfc and did some googling. Found out about spns and such and published one with the sitename on the host. Problem solved.
-
OptionsRobertKaucher Member Posts: 4,299 ■■■■■■■■■■I generally get down on myself a bit too much for wasting time on things I should already know to look for. But sometimes your brain just does not function in an efficient manner. Well, I have added setspn -x to my check list for setting up Kerberos auth. Lesson learned, I guess.
-
Optionsit_consultant Member Posts: 1,903This is like when I worked on a firewall for hours trying to get the internet up, called and cursed out the ISP, had the firewall in debug mode...I had one number off in my default route.