{"id":24,"date":"2007-03-02T11:50:56","date_gmt":"2007-03-02T11:50:56","guid":{"rendered":"http:\/\/www.myfatblog.co.uk\/?p=24"},"modified":"2007-03-02T11:51:45","modified_gmt":"2007-03-02T11:51:45","slug":"kerberos-the-3-headed-nightmare","status":"publish","type":"post","link":"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/","title":{"rendered":"Kerberos.. The 3 headed nightmare!"},"content":{"rendered":"

10 hours!!!… Thats how long it took me to resolve a Kerberos issue.<\/p>\n

It all started with finishing the installation of MOSS 2007 and then running the SharePoint Configuration wizard.<\/p>\n

No major problems with this, I entered the SQL Server information, changed the default configuration database name and added the Service credentials.<\/p>\n

Click next, and hit a wonderfully expansive error stating that I couldn’t connect to the farm or possibly using incorrect credentials. So I checked everything, group memberships, Server names, DNS settings. All I had in the Security event log was a very bare Event 529, against the Kerberos login method.<\/p>\n

In the end, I decided to try and set-up a simple ODBC connection using a system DSN, and thats when I came across the rather more useful error “Cannot generate SSPI Context”<\/p>\n

Well this at least pointed me to a reaosnably good KB article that covered this error in a more expansive way. KB811889 – How to troubleshoot the “Cannot generate SSPI context” error message<\/a><\/p>\n

From that, I found another useful explanation of SQL’s authentication methods..<\/p>\n

Understanding Kerberos and NTLM authentication in SQL Server Connections<\/a><\/p>\n

And finally from this, worked out that because I was running the SQL Service under a domain account, it needed to be able to set it’s own SPN (Service Principle Name) for Kerberos, and therefore required to be a member of the Domain Admins.<\/p>\n

I added the username to this group, restarted SQL, and lo and behold, I connected straight away.<\/p>\n

So this now leaves me with a dilemma, do I leave the SQL server service running as a domain admin and tie it down through Group policy, or do i continue trying to find a better way to run under a normal domain user account…<\/p>\n","protected":false},"excerpt":{"rendered":"

10 hours!!!… Thats how long it took me to resolve a Kerberos issue. It all started with finishing the installation of MOSS 2007 and then running the SharePoint Configuration wizard. No major problems with this, I entered the SQL Server information, changed the default configuration database name and added the Service credentials. Click next, and … <\/p>\n

Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[5,6],"tags":[],"yoast_head":"\nKerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict\" \/>\n<meta property=\"og:description\" content=\"10 hours!!!… Thats how long it took me to resolve a Kerberos issue. It all started with finishing the installation of MOSS 2007 and then running the SharePoint Configuration wizard. No major problems with this, I entered the SQL Server information, changed the default configuration database name and added the Service credentials. Click next, and … Continue reading\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog of an overweight SharePoint addict\" \/>\n<meta property=\"article:published_time\" content=\"2007-03-02T11:50:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2007-03-02T11:51:45+00:00\" \/>\n<meta name=\"author\" content=\"Cimares\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cimares\" \/>\n<meta name=\"twitter:site\" content=\"@cimares\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cimares\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/\",\"url\":\"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/\",\"name\":\"Kerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict\",\"isPartOf\":{\"@id\":\"http:\/\/www.myfatblog.co.uk\/#website\"},\"datePublished\":\"2007-03-02T11:50:56+00:00\",\"dateModified\":\"2007-03-02T11:51:45+00:00\",\"author\":{\"@id\":\"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/55ae8f6885bb5b8390dad001f3da83c6\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.myfatblog.co.uk\/#website\",\"url\":\"http:\/\/www.myfatblog.co.uk\/\",\"name\":\"Blog of an overweight SharePoint addict\",\"description\":\"The rantings of a (not so) food obsessed IT consultant!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.myfatblog.co.uk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/55ae8f6885bb5b8390dad001f3da83c6\",\"name\":\"Cimares\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/www.myfatblog.co.uk\/images\/BlogImages\/About_D057\/TopOfTheWorld.jpg\",\"contentUrl\":\"http:\/\/www.myfatblog.co.uk\/images\/BlogImages\/About_D057\/TopOfTheWorld.jpg\",\"caption\":\"Cimares\"},\"sameAs\":[\"http:\/\/www.myfatblog.co.uk\"],\"url\":\"http:\/\/www.myfatblog.co.uk\/index.php\/author\/reginald\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/","og_locale":"en_US","og_type":"article","og_title":"Kerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict","og_description":"10 hours!!!… Thats how long it took me to resolve a Kerberos issue. It all started with finishing the installation of MOSS 2007 and then running the SharePoint Configuration wizard. No major problems with this, I entered the SQL Server information, changed the default configuration database name and added the Service credentials. Click next, and … Continue reading","og_url":"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/","og_site_name":"Blog of an overweight SharePoint addict","article_published_time":"2007-03-02T11:50:56+00:00","article_modified_time":"2007-03-02T11:51:45+00:00","author":"Cimares","twitter_card":"summary_large_image","twitter_creator":"@cimares","twitter_site":"@cimares","twitter_misc":{"Written by":"Cimares","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/","url":"http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/","name":"Kerberos.. The 3 headed nightmare! - Blog of an overweight SharePoint addict","isPartOf":{"@id":"http:\/\/www.myfatblog.co.uk\/#website"},"datePublished":"2007-03-02T11:50:56+00:00","dateModified":"2007-03-02T11:51:45+00:00","author":{"@id":"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/55ae8f6885bb5b8390dad001f3da83c6"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.myfatblog.co.uk\/index.php\/2007\/03\/kerberos-the-3-headed-nightmare\/"]}]},{"@type":"WebSite","@id":"http:\/\/www.myfatblog.co.uk\/#website","url":"http:\/\/www.myfatblog.co.uk\/","name":"Blog of an overweight SharePoint addict","description":"The rantings of a (not so) food obsessed IT consultant!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.myfatblog.co.uk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/55ae8f6885bb5b8390dad001f3da83c6","name":"Cimares","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.myfatblog.co.uk\/#\/schema\/person\/image\/","url":"http:\/\/www.myfatblog.co.uk\/images\/BlogImages\/About_D057\/TopOfTheWorld.jpg","contentUrl":"http:\/\/www.myfatblog.co.uk\/images\/BlogImages\/About_D057\/TopOfTheWorld.jpg","caption":"Cimares"},"sameAs":["http:\/\/www.myfatblog.co.uk"],"url":"http:\/\/www.myfatblog.co.uk\/index.php\/author\/reginald\/"}]}},"_links":{"self":[{"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/24"}],"collection":[{"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=24"}],"version-history":[{"count":0,"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/24\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=24"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=24"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.myfatblog.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=24"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}