Re: SPN problems?
- From: gonzo <gonzo@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 Sep 2008 07:33:57 +0200
Joe Kaplan wrote:
Can you show what the SPNs you are setting actually are and what accounts you are setting them on?
A common cause of Kerb auth errors is when you create an SPN like HTTP/someapp and try to put that on two different service accounts. The rule with SPNs is that they can only be on a single account. HTTP does not use the port for forming the SPN, so you cannot differentiate the SPN by port.
hello, yes, I use two separate accounts for two HTTP SPNs :/ thank you for this suggestion, I didin't know about it, will try to use only one account.
Another thing to understand is whether the SPN your are setting is the plain host name of the server and if there is another SPN like HOST/server with the same host name on a different account.
It would also be helpful to know if you get any useful error messages in the system event log from Kerberos or failure audits in the security event log related to this.
HTH,
Joe K.
thanks for this post, I'll experiment a bit and let you know.
cheers,
gonzo
.
- References:
- SPN problems?
- From: gonzo
- Re: SPN problems?
- From: Joe Kaplan
- SPN problems?
- Prev by Date: Re: Windows Server 2008, w/Exchange 2007 install & AD 2003 Server
- Next by Date: Re: Creating AD OU structure for GP deployment
- Previous by thread: Re: SPN problems?
- Next by thread: Re: SPN problems?
- Index(es):
Relevant Pages
|
