Configuring Kerberos is an advanced task and should only be performed by an appropriately trained professional. The steps and configurations given in this help file are to be used as a guide - your system may require additional configuration due to different hardware and software compatibilities.
If you are experiencing Kerberos issues, work through the following checklist:
- Run ldifde.exe on the domain controller to get a list of all the SPNs that have been set up in the environment.
  - This is a command-line tool and can be found in the system folder
  - Command to run: ldifde -d "CN=Users,DC=[DomainNETBIOSname]" -l servicePrincipalName -F c:\SPNoutput.txt
  - Replace [DomainNETBIOSname] with your Domain NetBIOS name
  - This should give you a full list of all SPNs that exist on the domain
  - Repeat for as many domains as are in your environment
- Run the following commands on each IIS server where you have K2 Workspace, SharePoint, and SQL Server Reporting Services installed:
  - cscript C:\Inetpub\Adminscripts\adsutil.vbs get w3svc/NTAuthenticationProviders
  - cscript C:\Inetpub\Adminscripts\adsutil.vbs get w3svc/[SiteID]/NTAuthenticationProviders
  - Replace [SiteID] with each of the site identifiers for:
    - The K2 Workspace site
    - The Reporting Services site
    - The SharePoint site
- Check delegation in Active Directory on each of the service accounts:
  - domain\K2 Service Account
  - domain\K2 Workspace Service Account
  - domain\SharePoint Service Account
  - domain\SQL Server Account
  - domain\Reporting Services Service Account
- Check that DTC has been set up correctly on the K2 Server, SQL Server, Reporting Services Server, SharePoint Server, and K2 Workspace Server
- Check MSMQ on the K2 Server
- Check that the NIC used in NLB is not listed in DNS. Only the NLB IP address and the IP address of the NIC not used in NLB must be visible in DNS.
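
For the first checklist item, one thing to look for in the exported SPN list is the same SPN registered on more than one account, which makes Kerberos authentication to that service fail. The script below is an added example, not part of the original help file: it parses LDIF text in the layout ldifde writes (including folded lines and base64 values) and reports duplicates; the sample data, account names and host names are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample in ldifde's LDIF layout; all account and host names are made up.
SAMPLE_LDIF = """\
dn: CN=K2 Workspace Service,CN=Users,DC=example,DC=local
changetype: add
servicePrincipalName: HTTP/k2web.example.local
servicePrincipalName: HTTP/k2web

dn: CN=SharePoint Service,CN=Users,DC=exam
 ple,DC=local
changetype: add
servicePrincipalName: http/K2WEB.example.local
servicePrincipalName:: SFRUUC9tb3Nz
"""

def parse_spns(ldif_text):
    """Return {account DN: [SPN, ...]} from LDIF text."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    spns, dn = defaultdict(list), None
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):           # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "serviceprincipalname" and dn:
            spns[dn].append(value)
    return dict(spns)

def duplicate_spns(spns_by_dn):
    """Return {lower-cased SPN: sorted DNs} for SPNs held by more than one account."""
    owners = defaultdict(set)
    for dn, spns in spns_by_dn.items():
        for spn in spns:
            owners[spn.lower()].add(dn)     # SPNs are compared case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in duplicate_spns(parse_spns(SAMPLE_LDIF)).items():
        print(spn, "->", "; ".join(dns))
```

To check a real export, pass the contents of the SPNoutput.txt file to parse_spns in place of SAMPLE_LDIF.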