« Previous Next »

• 07-09-2009, 5:04 PM

  Kapn.K Joined on 03-18-2009, 8:54 PM Posts 12

  How many SPN's do I need? NLB/MSCS Reply Contact I have nlb groups and multiple sites(each site has own application pool). I would like to have one account that all the app pools run under. I couldn't get kerberos working(necessary for remote file-share webroot) using the machine accounts but I was able to with a user account. Do I need to do this for each site(not machine)? setspn -A HTTP/website1.domain.com domain\service account setspn -A HTTP/website2.domain.com domain\service account Or does that cause the duplicate SPN? If so, do I need a separate service account for each site/app pool? Thanks, Steve

  Tags: IISNLBAuthenticationclusteringMSCSclusterkerberosiis 6.0iwaIIS 6Websitewebfarm

• 07-09-2009, 5:16 PM

  In reply to

  Rovastar Joined on 03-13-2008, 10:00 AM London, UK Posts 1,686

  Re: How many SPN's do I need? NLB/MSCS Reply Contact  I haven't setup any Kerboes stuff but does this help? http://blogs.msdn.com/saurabh_singh/archive/2007/01/29/kerberos-troubleshooting-from-iis-perspective.aspx http://blogs.iis.net/webtopics/archive/2009/05/22/3-simple-steps-for-configuring-an-spn-for-your-website.aspx http://support.microsoft.com/kb/929650 Or maybe this app. http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1887 http://www.iisportal.com

• 07-10-2009, 4:23 AM

  In reply to

  Paul Lynch Joined on 05-24-2006, 5:41 AM UK Posts 1,197

  Re: How many SPN's do I need? NLB/MSCS Reply Contact Hi, You need to register one SPN for each URL that you intend to use. Your approach is correct and will not cause duplicate SPN's. You can register multiple SPN's against one domain account but, conversely,  you cannot register one SPN against more than one domain account as that will result in duplicate SPN's. Once you have got your environment configured I would suggest using  the DelegConfig tool to test your setup. I have configured a number of applications to use kerberos and I always use this tool to check that everyting is setup correctly : http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/delegconfig-delegation-configuration-reporting-tool.aspx Regards, Paul Lynch | www.iisadmin.co.uk

• 07-10-2009, 9:44 AM

  In reply to

  Kapn.K Joined on 03-18-2009, 8:54 PM Posts 12	Re: How many SPN's do I need? NLB/MSCS Reply Contact Thanks Paul. I thought I was on the right track but just wanted to make sure. Between development, test, and production, I've got about 150 sites to migrate from being on single boxes to the high availablility environment. Steve