
Answered Thread: IIS 7 Kerberos failing on FQDN

Last post 02-12-2009 6:15 PM by steve schofield. 2 replies.


  • 02-12-2009, 5:01 AM

    • DaanH
    • Not Ranked
    • Joined on 02-12-2009, 9:45 AM
    • Posts 2

    IIS 7 Kerberos failing on FQDN

    Hi all, I'm installing SharePoint Server 2007 on Windows Server 2008 and SQL Server 2008.
    I had all the application pools created but I could not get Kerberos working, so I went back to the basics. This is my scenario now.

    Webserver: Server1.sub.domain.com
    SQL server: SQL.sub.domain.com
    Application pool account for Central Admin: SUB\sa-ca

    I added the SPNs for the SQL server and confirmed that I can successfully connect from the webserver to the SQL server with Kerberos. I installed SharePoint and configured the Central Administration.
    I added the SPNs:

    setspn.exe -A HTTP/server1 SUB\sa-ca
    setspn.exe -A HTTP/server1.sub.domain.com SUB\sa-ca

    When I try to connect to the NetBIOS name (http://Server1) I can connect to the Central Administration, and in the event log on the webserver I can see I'm using Kerberos.
    I can successfully connect to the Central Admin from the local server, a machine that is a member of the domain, and a machine that is on the network but not on the domain.

    When I try to use the FQDN (http://server1.sub.domain.com) I can't connect; I always get 401, and in the event log I see:

    An account failed to log on.

    Subject:
        Security ID:                NULL SID
        Account Name:               -
        Account Domain:             -
        Logon ID:                   0x0

    Logon Type:                     3

    Account For Which Logon Failed:
        Security ID:                NULL SID
        Account Name:
        Account Domain:

    Failure Information:
        Failure Reason:             Unknown user name or bad password.
        Status:                     0xc000006d
        Sub Status:                 0xc000006a

    Process Information:
        Caller Process ID:          0x0
        Caller Process Name:        -

    Network Information:
        Workstation Name:           -
        Source Network Address:     My IP Address
        Source Port:                53665

    Detailed Authentication Information:
        Logon Process:              Kerberos
        Authentication Package:     Kerberos
        Transited Services:         -
        Package Name (NTLM only):   -
        Key Length:                 0

    Because I'm on Server 2008 I edited the C:\Windows\System32\inetsrv\config\applicationHost.config file:

    <system.webServer>
      <security>
        <authentication>
          <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
        </authentication>
      </security>
    </system.webServer>

     Any help is appreciated… 
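
As an added example (not part of the original thread), this Python code parses a failed-logon event like the one quoted in the post above, decodes its Status and Sub Status codes, and flags the combination seen there. The section list, the `SAMPLE_EVENT` text, the function names and the `review_spn` heuristic are assumptions made for this example.

```python
import re

# NTSTATUS codes carried in the Status / Sub Status fields of a failed logon.
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006A: "STATUS_WRONG_PASSWORD"}
SECTIONS = {"Subject", "Account For Which Logon Failed", "Failure Information",
            "Process Information", "Network Information",
            "Detailed Authentication Information"}

# Constructed sample: the relevant fields of the event quoted in the post.
SAMPLE_EVENT = """\
An account failed to log on.
Subject:
    Account Name:           -
Logon Type:                 3
Account For Which Logon Failed:
    Account Name:
Failure Information:
    Status:                 0xc000006d
    Sub Status:             0xc000006a
Detailed Authentication Information:
    Authentication Package: Kerberos
"""

def parse_event(text):
    """Return {section: {field: value}}; top-level fields are stored under ''."""
    out, current = {"": {}}, ""
    for key, value in re.findall(r"^[ \t]*([^:\n]+):[ \t]*(.*?)[ \t]*$", text, re.M):
        if key in SECTIONS and not value:
            current, out[key] = key, {}
            continue
        if key == "Logon Type":  # top-level field printed after "Subject"
            current = ""
        out[current][key] = value
    return out

def triage(text):
    """Decode the status codes and flag the pattern that warrants an SPN review."""
    ev = parse_event(text)
    fail = ev.get("Failure Information", {})
    status, sub = (int(fail.get(k, "0"), 16) for k in ("Status", "Sub Status"))
    target = ev.get("Account For Which Logon Failed", {}).get("Account Name", "")
    package = ev.get("Detailed Authentication Information", {}).get("Authentication Package")
    return {
        "status": NTSTATUS.get(status, hex(status)),
        "sub_status": NTSTATUS.get(sub, hex(sub)),
        "logon_type": ev[""].get("Logon Type"),
        # Heuristic (assumption): Kerberos + wrong password + no account name -> review SPNs.
        "review_spn": package == "Kerberos" and sub == 0xC000006A and target in ("", "-"),
    }
```

Section headers are matched by name rather than by indentation, so the parser also works on event text that was pasted with its layout flattened.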

     

  • 02-12-2009, 6:59 AM In reply to

    • DaanH
    • Not Ranked
    • Joined on 02-12-2009, 9:45 AM
    • Posts 2

    Answered Re: IIS 7 Kerberos failing on FQDN

    I think I solved my own problem after all....

    I was using:
    setspn.exe -A HTTP/server1:1234 SUB\sa-ca
    setspn.exe -A HTTP/server1.sub.domain.com:1234 SUB\sa-ca

    But instead I had to use
    setspn.exe -A HTTP/server1:1234.sub.domain.com SUB\sa-ca

    It is strange, because Microsoft didn't mention that in the Kerberos for MOSS instructions, and for the SQL server I placed the port number at the end and that works...

  • 02-12-2009, 6:15 PM In reply to

    Re: IIS 7 Kerberos failing on FQDN

    Thanks for posting.  Might be worth checking a SharePoint forum or list to be sure.  MOSS is its own unique app. :)

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield

    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget