  • I have been going through the setup and am running into some issues.  Whenever setting the Kerberos Ticket Decryption I am unable to restart the IIS services.  Is there something I am missing in the steps below or somewhere earlier? I have been following the guide to a T.

    Configure IIS to Use CORP\SPService for Kerberos Ticket Decryption

    With the release of IIS 7.0 on Windows Server 2008 and IIS 7.5 on Windows Server 2008 R2, a new mode, kernel-mode authentication, was introduced. This means that the ticket for the responding service is decrypted using the Machine account (Local System) of the IIS Server. It no longer depends on the application pool Identity for this purpose by default. However, because SharePoint runs as a "farm" - even in single-server configurations - you have to run the site and authentication under the app pool account... AND still set up your SPNs. Also, we will be disabling kernel-mode authentication on the SharePoint server because kernel-mode authentication is currently not supported on SharePoint Foundation 2010 (

    To configure IIS to use CORP\SPService for Ticket Decryption

    1. Navigate to the following directory: C:\Windows\System32\inetsrv\config.
    2. Locate the ApplicationHost.config file, right-click and select Open. This will bring up a pop-up that states Windows cannot open this file and it will have two options. Choose Select a program from a list of installed programs, and click OK.
    3. Select Notepad, and click OK. This will open the config file in Notepad.
    4. At the top, select Edit, Find, type the following text in the box, and then click Find Next: windowsAuthentication enabled="true"
    5. You should now see the first instance and it will look like the Before image below. Insert useKernelMode="false" useAppPoolCredentials="true" in the line so it looks like the After image.
    6. Click Find Next and repeat the above steps. There should be a total of three instances that need to have useKernelMode="false" useAppPoolCredentials="true" added. Two of the instances will have useKernelMode="false" already present. Do not change these.

       Warning: There will be instances of windowsAuthentication enabled="false". These can be ignored. We only want to change the ones that are set to true.
    7. When you finish the last one, a window will pop up and state that it cannot find windowsAuthentication enabled="true". Click OK.
    8. On the Find box, click Cancel.
    9. At the top of Notepad, select Save. Close Notepad.
    10. Click Start, click All Programs, click Accessories, and then click Command Prompt. This will launch a Command Prompt window.
    11. In the Command Prompt window, type the following text, and then hit Enter: iisreset

        This will stop and then restart IIS. Once this completes, close the Command Prompt window.
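A check that can be run after the hand edit in steps 4 to 9 and before iisreset, as an added example (not part of the post or of the guide it quotes): it confirms the text is still well-formed XML and lists every windowsAuthentication enabled="true" element with the two attributes the steps add. The function name, the SiteA/SiteB paths and the sample text are constructed for illustration.

```powershell
# Constructed sample, not a real applicationHost.config: the server-level element
# is disabled, SiteA is edited as the steps describe, SiteB was missed.
$sample = @'
<configuration>
  <system.webServer><security><authentication>
    <windowsAuthentication enabled="false" />
  </authentication></security></system.webServer>
  <location path="SiteA">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="false" useAppPoolCredentials="true" />
    </authentication></security></system.webServer>
  </location>
  <location path="SiteB">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@

function Test-WindowsAuthSettings {
    param([Parameter(Mandatory)][string]$ConfigText)
    # Curly quotes pasted from a formatted document are not XML attribute
    # delimiters, so flag their line numbers before trying to parse.
    $n = 0
    foreach ($line in ($ConfigText -split "`r?`n")) {
        $n++
        if ($line -match '[\u201C\u201D]') { Write-Warning "Line ${n}: typographic quote" }
    }
    try { $xml = [xml]$ConfigText }
    catch { Write-Warning "Not well-formed XML: $($_.Exception.Message)"; return }
    # Only enabled="true" elements matter; enabled="false" ones are ignored.
    foreach ($node in $xml.SelectNodes('//windowsAuthentication[@enabled="true"]')) {
        $loc = $node.SelectSingleNode('ancestor::location')
        [pscustomobject]@{
            Location              = if ($loc) { $loc.GetAttribute('path') } else { '(server level)' }
            UseKernelMode         = $node.GetAttribute('useKernelMode')
            UseAppPoolCredentials = $node.GetAttribute('useAppPoolCredentials')
            Edited                = $node.GetAttribute('useKernelMode') -eq 'false' -and
                                    $node.GetAttribute('useAppPoolCredentials') -eq 'true'
        }
    }
}

Test-WindowsAuthSettings $sample | Format-Table -AutoSize
# Same text with typographic quotes substituted, as a word processor would produce:
Test-WindowsAuthSettings ($sample -replace '"false"', "$([char]0x201D)false$([char]0x201D)")
```

To check the real file, pass the function the output of Get-Content -Raw on a copy of C:\Windows\System32\inetsrv\config\applicationHost.config from an elevated prompt.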

