Marc Valk dot Net
blogging about…… Microsoft, Cloud Computing
Posts Tagged ‘Kerberos’
EWA: Error Data Refresh Failed
In: Security| SharePoint
30 Jun 2009I’ve been struggling for quite a long time with Excel Web Access in combination with a SQL Analysis Server and SharePoint. The problem is that I am able to display an excel file (which is in a SharePoint web part), but whenever I choose to refresh the connection I get the following [...]
- No Comments
- Tags: Kerberos, SharePoint, SQL Server, SSAS
Internet Explorer behaviors with Kerberos Authentication
In: Security
23 Jun 2009A great article from Rob “I Speak Tampa” Greene. He is explaining things that can occur when IE Kerberos authentication fails. You can check it out here.
- No Comments
- Tags: Kerberos, Security
Kerberos fails when using CNAME records
In: Security
9 Jun 2009If you’re in the middle of implementing Kerberos for something, remember that Kerberos authentication fails whenever you use CNAME records in DNS, instead of A-Records.
Why is this?
This is because whenever for example IE asks AD: “which account has a SPN registration for kerberos.marcvalk.net”, and kerberos.marcvalk.net is an CNAME for IIS_Server.marcvalk.net, the reply [...]
- No Comments
- Tags: Kerberos, Security
DelegConfig v2
In: Security
5 May 2009A new version of the Kerberos tool DelegConfig is ready. Download it here.
Notable Features:
Supports IIS 7.0 (useKernelMode / useAppPoolCredentials)
Allows adding backend servers of type UNC, HTTP, LDAP, OLAP, SQL, SSAS, and RDP
Allows chaining of multiple hops (versus only a single backend)
Performs duplicate SPN check against all trusted domains.
/Set/SPNs.aspx – Allows adding and removing of ServicePrincipalNames
/Set/Delegation.aspx [...]
- No Comments
- Tags: IIS, Kerberos, Security
Search for duplicate SPN’s
In: Microsoft| Security| Windows Server
2 Apr 2009A vbs query from Microsoft to search for duplicate SPN’s:
http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx
- No Comments
- Tags: Kerberos, Security
Enable Kerberos Event Logging
In: Security
1 Apr 2009To enable event logging of Kerberos:
start registry editor
navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters If the parameter key does not exist, create it
Create a new REG_DWORD Value named LogLevel and give it a value of 1
- No Comments
- Tags: Kerberos, Security