Thursday, July 8, 2010

check Kerberos Authentication

if you have in the Domain Controller in the System Event Viewer an Error with ID 11 and source KDC (which is logged if your Kerberos is not working and after you try to access the site from the DC) with something like DS_SERVICE_PRINCIPAL_NAME it means something is not working, use http://support.microsoft.com/kb/321044 with method 2 to solve it:

example:
C:\Documents and Settings\moss_sysadmin>ldifde -f check_SPN_MOSSDEVWFE.txt -t 32
68 -d "" -l servicePrincipalName -r "(servicePrincipalName=HTTP/MOSS-DEV-WFE*)"
-p subtree

where check_SPN_MOSSDEVWFE is the name you want to give the file and MOSS-DEV-WFE is the name of my Production server

No comments:

Post a Comment