locked
Kerberos Authentication !! RRS feed

  • Question

  • Hello Everyone,

    I have to Configure Kerberos for SharePoint 2010 server.  In our production environment we have 12 SharePoint server out of which on one server Centeral Admin is configured and is using services from rest of the servers. 

    How would I go about configuring the Kerberos.  Do I have to just configure the Kerberos Per Web-Application on the Centeral Admin server or It has to be done on every sever.  If every server then how to do it.

    Thanks In Advance~
    Deepak



    Thanks & Regards~ Deepak Arora

    • Moved by Lhan Han Wednesday, April 11, 2012 12:34 AM sp2010 (From:SharePoint - Setup, Upgrade, Administration and Operation (pre-SharePoint 2010))
    Tuesday, April 10, 2012 7:41 AM

Answers

  • Hi,

    Kerberos is based on web applications, since all the SharePoint servers 2010 have the same web application, so you don’t need to configure Kerberos on every server. You only need to choose Kerberos authentication when you create a web application.

    In order to make Kerberos work, you need to create a service accounts for the web applications’ IIS application pool, then register Service Principal Names (SPN) for the web applications on the service account created for the web application’s IIS application pool.

    In addition, there are some settings you need to check on IIS on every server, for example, verify Kerberos is enabled and Kernel mode authentication is disabled.

    For more information about Kerberos in SharePoint 2010, check out the following white paper:

    http://www.microsoft.com/download/en/details.aspx?id=23176

    Thanks,

    Rock Wang


    Rock Wang TechNet Community Support

    Wednesday, April 11, 2012 3:33 AM

All replies

  • Hello Everyone,

    I have to Configure Kerberos for SharePoint 2010 server.  In our production environment we have 12 SharePoint server out of which on one server Centeral Admin is configured and is using services from rest of the servers. 

    How would I go about configuring the Kerberos.  Do I have to just configure the Kerberos Per Web-Application on the Centeral Admin server or It has to be done on every sever.  If every server then how to do it.

    Thanks In Advance~
    Deepak


    Thanks & Regards~ Deepak Arora

    • Moved by Jack-Gao Wednesday, April 11, 2012 1:00 AM It is SharePoint2010 (From:SharePoint - General Question and Answers and Discussion (pre-SharePoint 2010))
    • Merged by Rock Wang– MSFT Friday, April 20, 2012 7:02 AM duplicate
    Tuesday, April 10, 2012 7:39 AM
  • Deepak,

    You need to ask your question in a 2010 forum, then we can answer you correctly.

    • Edited by Paul Turner _ Tuesday, April 10, 2012 8:08 AM Wrong forum
    Tuesday, April 10, 2012 8:07 AM
  • Hi,

    Kerberos is based on web applications, since all the SharePoint servers 2010 have the same web application, so you don’t need to configure Kerberos on every server. You only need to choose Kerberos authentication when you create a web application.

    In order to make Kerberos work, you need to create a service accounts for the web applications’ IIS application pool, then register Service Principal Names (SPN) for the web applications on the service account created for the web application’s IIS application pool.

    In addition, there are some settings you need to check on IIS on every server, for example, verify Kerberos is enabled and Kernel mode authentication is disabled.

    For more information about Kerberos in SharePoint 2010, check out the following white paper:

    http://www.microsoft.com/download/en/details.aspx?id=23176

    Thanks,

    Rock Wang


    Rock Wang TechNet Community Support

    Wednesday, April 11, 2012 3:33 AM