Options

What it's like to work in IT

RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
in Off-Topic
This week I had set up our production servers for the migration to SharePoint 2010. I have done this so many times I could do it in my sleep.
We need to use Kerberos Constrained Delegation with ISA 2006. Now setting that up is quite easy but can be complex when something goes wrong. This time I just could not get the Kerberos auth to work. Nothing I did fixed it. I checked everything - except for a duplicate SPN.
setspn -x
found the problem. I had left the SPN registered after my previous test.

This is is how I feel:

http://basicinstructions.squarespace.com/storage/wallpapers/lb1600x1200.jpg
· Share on FacebookShare on Twitter

Comments

  • Options
    Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Dude I kid you not I had almost the exact same problem this week on a server 2008 r2 box. IIS wasn't authenticating to AD correctly. Busted out Wireshark to see what packets weren't going. Read the rfc and did some googling. Found out about spns and such and published one with the sitename on the host. Problem solved.
    · Share on FacebookShare on Twitter
  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    I generally get down on myself a bit too much for wasting time on things I should already know to look for. But sometimes your brain just does not function in an efficient manner. Well, I have added setspn -x to my check list for setting up Kerberos auth. Lesson learned, I guess.
    · Share on FacebookShare on Twitter
  • Options
    it_consultantit_consultant Member Posts: 1,903
    This is like when I worked on a firewall for hours trying to get the internet up, called and cursed out the ISP, had the firewall in debug mode...I had one number off in my default route.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.