Posts Tagged ‘Kerberos

I’ve been struggling for quite a long time with Excel Web Access in combination with a SQL Analysis Server and SharePoint. The problem is that I am able to display an excel file (which is in a SharePoint web part), but whenever I choose to refresh the connection I get the following [...]

A great article from Rob “I Speak Tampa” Greene. He is explaining things that can occur when IE Kerberos authentication fails. You can check it out here.

If you’re in the middle of implementing Kerberos for something, remember that Kerberos authentication fails whenever you use CNAME records in DNS, instead of A-Records.
Why is this?
This is because whenever for example IE asks AD: “which account has a SPN registration for kerberos.marcvalk.net”, and kerberos.marcvalk.net is an CNAME for IIS_Server.marcvalk.net, the reply [...]

DelegConfig v2

In: Security

5 May 2009

A new version of the Kerberos tool DelegConfig is ready. Download it here.
Notable Features:

Supports IIS 7.0 (useKernelMode / useAppPoolCredentials)

Allows adding backend servers of type UNC, HTTP, LDAP, OLAP, SQL, SSAS, and RDP

Allows chaining of multiple hops (versus only a single backend)

Performs duplicate SPN check against all trusted domains.

/Set/SPNs.aspx – Allows adding and removing of ServicePrincipalNames

/Set/Delegation.aspx [...]

A vbs query from Microsoft to search for duplicate SPN’s:
http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx

To enable event logging of Kerberos:

start registry editor
navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters If the parameter key does not exist, create it
Create a new REG_DWORD Value named LogLevel and give it a value of 1