locked
No Access to the Central Administration anymore!!! RRS feed

  • Question

  • Hello,

    Trying to make SSRS available on SharePoint I pass the following commands:

    SharePoint Site:

    Setspn –a http://teams.domain ad\ad\svcSPTeamApPool
    Setspn –a http://teams ad\ad\svcSPTeamApPool

    Central Administrator:

    Setspn –a http://ap1:3323/default.aspx ad\ad\svcSPTeamApPool
    setspn –a http://ap1.domain:3323/default.aspx ad\ad\svcSPTeamApPool

    Reporting Services:

    Setspn –a http/ap1/ITOSMMT ad\svcitosmmt
    Setspn –a http/ap1.domain/ITOSMMT ad\itosmmt

    SQL Server:

    Setspn –a MSSQLsvc/SQLA:1433 ad\itosmmt
    Setspn –a MSSQLsvc/SQLA.domain:1433 ad\itosmmt

    but now I could not access the SharePoint Central Administration page "

    Not Authorized


    HTTP Error 401. The requested resource requires user authentication.

    Is it one the command which broke my access ?

    I have still access through IIS locally on the server!!!

    Thanks,
    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Tuesday, March 27, 2012 4:19 PM

Answers

  • Hello,

    Trying to make SSRS available on SharePoint I pass the following commands:

    SharePoint Site:

    Setspn –a http://teams.domain ad\ad\svcSPTeamApPool
    Setspn –a http://teams ad\ad\svcSPTeamApPool

    Central Administrator:

    Setspn –a http://ap1:3323/default.aspx ad\ad\svcSPTeamApPool
    setspn –a http://ap1.domain:3323/default.aspx ad\ad\svcSPTeamApPool

    I think your syntax is wrong. And why do you type in the ad\ domain twice before the service account?

    I would think it should look like:
    Setspn -a HTTP/teams ad\svcSPTeamApPool
    Setspn -a HTTP/teams.domainname ad\svcSPTeamApPool

    Setspn -a HTTP/ap1:3323 ad\svcSPTeamApPool
    Setspn -a HTTP/ap1.domainname:3323 ad\svcSPTeamApPool

    • Marked as answer by Felyjos Friday, April 6, 2012 11:21 PM
    Tuesday, March 27, 2012 7:09 PM

All replies

  • Hello,

    Trying to make SSRS available on SharePoint I pass the following commands:

    SharePoint Site:

    Setspn –a http://teams.domain ad\ad\svcSPTeamApPool
    Setspn –a http://teams ad\ad\svcSPTeamApPool

    Central Administrator:

    Setspn –a http://ap1:3323/default.aspx ad\ad\svcSPTeamApPool
    setspn –a http://ap1.domain:3323/default.aspx ad\ad\svcSPTeamApPool

    I think your syntax is wrong. And why do you type in the ad\ domain twice before the service account?

    I would think it should look like:
    Setspn -a HTTP/teams ad\svcSPTeamApPool
    Setspn -a HTTP/teams.domainname ad\svcSPTeamApPool

    Setspn -a HTTP/ap1:3323 ad\svcSPTeamApPool
    Setspn -a HTTP/ap1.domainname:3323 ad\svcSPTeamApPool

    • Marked as answer by Felyjos Friday, April 6, 2012 11:21 PM
    Tuesday, March 27, 2012 7:09 PM
  • Yes I noticed when typing I was having double "ad", I typed with only one "ad" but still the same issue.

    IISRESET

    REBOOTING the server

    nothing chnaged...

    Thanks,

    DOm


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Tuesday, March 27, 2012 7:17 PM
  • Did you go into AD and enable the service accounts to be trusted for delegation?  Is svcSPTeamApPool the service account that the Central Administration application pool runs under?


    • Edited by tyrone888 Tuesday, March 27, 2012 7:32 PM
    Tuesday, March 27, 2012 7:30 PM
  • Hello,

    svcITOSMMT is the service running the SSRS. No delegation.

    No, SharePoint Central Administrationv3 Application Pool is running under svcspadm. No delegation.

    svcSPTeamApPool is running WSSTeamAppPool. No delegation.

    As my reports are under:

    http://teams.mednet.ucla.edu/sites/ITOSMMT/Reports/Forms/AllItems.aspx

    should I run another SETSPN ?

    SETSPN -a http://teams.mednet.ucla.edu/sites/ITOSMMT/Reports/ ad\svcspadm

    or

    SETSPN -a http://teams.mednet.ucla.edu/sites/ITOSMMT/ ad\svcspadm

    or

    SETSPN -a http://teams.mednet.ucla.edu/ ad\svcspadm

    should I add the delegation?

    Any service to retart after these changes?

    How to cancel the "setspn" previously" passed if they were wrong? setspn -r hostname (server name ? account name?)

    how to identify the couple service count/site to remove and not removing all others?

    C:\Users\dominiqued>setspn -l svcspteamappool
    Registered ServicePrincipalNames for CN=svcSPTeamApPool,OU=Service Accounts,DC=a
    d,DC=domain:
            http/mbspap1
            http/mbspap1.ad.domain             http/teams.ad.domain
            http/teams
            http://teams
            http://teams.domain

    C:\Users\dominiqued>setspn -l svcitosmmt
    Registered ServicePrincipalNames for CN=svcITOSMMT SS. svcITOSMMT,OU=Service Acc
    ounts,DC=ad,DC=domain:
            http/teams
            http/teams.ad.domain
            http/mbspap1.ad.domain
            http/mbspap1
            http/mbspap1.ad.domain/ITOSMMT
            http/mbspap1/ITOSMMT
            MSSQLsvc/MBSQLSPCLA.ad.domain:1433
            MSSQLsvc/MBSQLSPCLA:1433

    Any impact on the SharePoint Central Administration Console?

    Thanks,
    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    • Edited by Felyjos Tuesday, March 27, 2012 11:41 PM
    Tuesday, March 27, 2012 9:21 PM
  • Hello,

    Trying to find the service account to be used in the setspn... and also how to write the web site to be used in the command as well...

    Is it at the site level? web appalication level? collection level?

    Thanks,

    Dom


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Thursday, March 29, 2012 12:13 AM
  • ?bump?

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Saturday, March 31, 2012 5:36 AM
  • ? bump ?

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Monday, April 2, 2012 4:12 PM
  • Any news?

    Thanks,

    DOm


    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager


    • Edited by Felyjos Friday, April 6, 2012 11:18 PM
    Wednesday, April 4, 2012 7:41 PM
  • Still reviewing

    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Wednesday, May 2, 2012 1:40 PM