If you missed my article entitled; Kerberos in a SharePoint environment, which explains the Kerberos configuration and log on process, please read that for a better understanding of what is going on when accessing the website and base configuration.
After writing the previous article, some people asked me how to troubleshoot different error-messages they were getting. It can be difficult to pin-point exactly what the error means and going through the whole configuration again will not always reveal the problem. You may end up spending a lot of time searching for help on the internet, even though you will usually find the correct answer to your problem.
This is not a guide to all Kerberos-related errors, but I will set up a test environment and create different problems to show which error-messages come from the configuration problems I create. The error messages in server event logs will seem obvious sometimes, other times a larger investigation is needed on several server event logs and even network packet sniffers.
After writing the previous article, some people asked me how to troubleshoot different error-messages they were getting. It can be difficult to pin-point exactly what the error means and going through the whole configuration again will not always reveal the problem. You may end up spending a lot of time searching for help on the internet, even though you will usually find the correct answer to your problem.
This is not a guide to all Kerberos-related errors, but I will set up a test environment and create different problems to show which error-messages come from the configuration problems I create. The error messages in server event logs will seem obvious sometimes, other times a larger investigation is needed on several server event logs and even network packet sniffers.
The setup, Where is the toolbox?, The problems to investigate, Date and time, Application pool accounts, Service Principle Name (SPN) configuration, you can read here
Conclusion
We have now set up a test environment, found some tools to use and generated error-messages to help us find some answers for date/time, application pool accounts and SPN configuration, if found in a production environment.
In the following article parts I will cover typical problems such as
Duplicate Service Principal Names
DNS Configuration mismatch
Delegation, when is it used and how to check it
Shared Service Provider (SSP), is it Kerborized?
More investigation with the network packet analyzer
We have now set up a test environment, found some tools to use and generated error-messages to help us find some answers for date/time, application pool accounts and SPN configuration, if found in a production environment.
In the following article parts I will cover typical problems such as
Duplicate Service Principal Names
DNS Configuration mismatch
Delegation, when is it used and how to check it
Shared Service Provider (SSP), is it Kerborized?
More investigation with the network packet analyzer
Source:http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part1.html
No comments:
Post a Comment
loan709@yahoo.com