locked
PPS-MA and Cross-Domain/Forest Kerberos Delegation RRS feed

  • Question

  • We have a deployment where SSAS, MOSS, the PPS Server and some users are in one domain (e.g. domain1.loc), and some users are in a second domain (e.g. domain2.loc).

    All components and delegation work correctly for users in domain1.loc

    Users in domain2.loc can access the MOSS server in domain1.loc, but delegation is not working as expected.

    domain1.loc and domain2.loc are in different forests, and selective trusts are in place.


    My first question is whether this configuration "is supported" for a PPS implementation at all.  The PPS Monitoring Server deployment guide states on p.105 in the prerequisites list that "All users are part of the same Active Directory domain.".  Is this accurate? 

    Second, given this configuration, are there any special considerations for PPS?  Or, is the configuration with regard to trusts, delgation, SPN config, etc., strictly driven by the underlying procedures for MOSS, SSAS, AD, IE?

    Finally, is this a config others have implemented successfully...and any pointers that might help find a quick solution to this install?

    Thanks for any insights!
    Rob
    Wednesday, March 11, 2009 3:01 PM

Answers

  •  

     Rob,

    Some others might be able to provide additional guidance on this topic.  The support for this situation kind of lies in the gray area.  In theory between forests would be considered a type of extranet deployment which is not supported with PPS.  However since there is trusts setup this should work and I have seen it work.  But it was through a considerable amount of work and this forum probably would not be the best way to accomplish this.  I would suggest that you first start with support to see if we can assist you, or you may need to use a PPS Consulting resource.    

    One key thing I do remember is that you had to use the FQDN when creating the datasource in Monitoring DD to get it to work.

    Thank you,

    Aseem Nayar – MSFT


    This posting is provided "AS IS" with no warranties, and confers no rights
    • Marked as answer by Rob Kerr Wednesday, March 11, 2009 11:10 PM
    Wednesday, March 11, 2009 9:24 PM

All replies

  •  

     Rob,

    Some others might be able to provide additional guidance on this topic.  The support for this situation kind of lies in the gray area.  In theory between forests would be considered a type of extranet deployment which is not supported with PPS.  However since there is trusts setup this should work and I have seen it work.  But it was through a considerable amount of work and this forum probably would not be the best way to accomplish this.  I would suggest that you first start with support to see if we can assist you, or you may need to use a PPS Consulting resource.    

    One key thing I do remember is that you had to use the FQDN when creating the datasource in Monitoring DD to get it to work.

    Thank you,

    Aseem Nayar – MSFT


    This posting is provided "AS IS" with no warranties, and confers no rights
    • Marked as answer by Rob Kerr Wednesday, March 11, 2009 11:10 PM
    Wednesday, March 11, 2009 9:24 PM
  • Thanks for the reply and info!

    Wednesday, March 11, 2009 11:11 PM