locked
MOSS 2007 + NLB + Kerberos RRS feed

  • Question

  • Hi,

    I've setup an Moss 2007 SP2 Farm (2 WFE) with network loadbalancing. The database is hosted on a different host.

    Know I'd like to switch on Kerberos authentication. Therefore I have to setup the spn for the wfe's and the database server.

    Do I need to create an SPN aswell for the clusternode??

    nlb-adress: c-host
    wfe hosts: host1, host2
    db: db_server

    SPN:

    Setspn.exe -A HTTP/host1 %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host1.domain %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host2 %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host2.domain %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/c-host %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/c-host.domain %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A MSSQLSvc/db_server:1433 DOMAIN\sql_srvc_account
    Setspn.exe -A MSSQLSvc/db_server.domain:1433 DOMAIN\ sql_srvc_account

    And what about DNS-Alias? Do I need to register them too??

    Any suggestions are welcome.

    best regards,

    Knut

    Tuesday, November 16, 2010 6:56 PM

All replies

  • From my research, no you do not.  Re the DNS Alias, if you are using that sql alias (Must be an A name, not C name), then you would need the alias SPN.
    /bac
    • Edited by BobChauvin Tuesday, November 16, 2010 8:50 PM correction
    Tuesday, November 16, 2010 8:42 PM
  • hi Bob,

    just to summarize the commands for me:

    Setspn.exe -A HTTP/host1 %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host1.domain %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host2 %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A HTTP/host2.domain %MYSITEAPPPOOLACCOUNT%
    Setspn.exe -A MSSQLSvc/db_server:1433 DOMAIN\sql_srvc_account
    Setspn.exe -A MSSQLSvc/db_server.domain:1433 DOMAIN\ sql_srvc_account

    Knut

    Wednesday, November 17, 2010 7:21 AM