none
Does C2WTS work on a single server install??

    Question

  • Getting organized to install and validate Kerberos constrained delegation, including protocol transition to support extranet/intranet access to SharePoint 2010 to support multi-hop to back end databases and other services.

    However, in the SP2010 Kerberos Guide (doc and internet page) it states....

     For instance, a single server install does not support the Windows Identity Foundation C2WTS services so claims to windows token delegation scenarios are not possible with this farm configuration.

    Have been unable to confirm via searching the web, but if this is true then that's a very substantial limitation. If true, what is the minimum configuration that does support (e.g. SP WFE/App server and separate SQL Server? Or have to go to separate WFE, App and SQL Server)

     

    Neil T.


    Neil Thomson
    Thursday, June 30, 2011 8:30 PM

Answers

  • Hi,

     

    According to your narration, you want to know if the following sentence is true.

     

    For instance, a single server install does not support the Windows Identity Foundation C2WTS services so claims to windows token delegation scenarios are not possible with this farm configuration.

     

    As far as I know, it not true. You can revert C2WTS to run as Local System. In my opinion, they are just best practices.

     

    Thanks,

    Rock Wang


    Regards, Rock Wang Microsoft Online Community Support
    • Marked as answer by Wayne Fan Thursday, July 07, 2011 9:23 AM
    Tuesday, July 05, 2011 9:30 AM
  • I'm not sure that configuration has been rigorously tested. The statement is saying that C2WTS isn't supported in a single server install but, why wouldn't it work? If the service starts in your installation, you should have no problems. This statement could simply be referring to the "Standalone" install option, not a single server farm.
    Wahid Saleemi Sr. Consultant, Avanade http://www.wahidsaleemi.com
    • Marked as answer by Wayne Fan Thursday, July 07, 2011 9:23 AM
    Tuesday, July 05, 2011 4:05 PM

All replies

  • Hi,

     

    According to your narration, you want to know if the following sentence is true.

     

    For instance, a single server install does not support the Windows Identity Foundation C2WTS services so claims to windows token delegation scenarios are not possible with this farm configuration.

     

    As far as I know, it not true. You can revert C2WTS to run as Local System. In my opinion, they are just best practices.

     

    Thanks,

    Rock Wang


    Regards, Rock Wang Microsoft Online Community Support
    • Marked as answer by Wayne Fan Thursday, July 07, 2011 9:23 AM
    Tuesday, July 05, 2011 9:30 AM
  • The question wasn't about running as a domain or local account, it's about how many "machines"/servers are required in a SharePoint 2010 farm to support C2WTS. The statement implies that you can't do this with a single server having SharePoint with Windows Front End and Application server (and SQL Server) all on the same server.
    Neil Thomson
    Tuesday, July 05, 2011 1:59 PM
  • I'm not sure that configuration has been rigorously tested. The statement is saying that C2WTS isn't supported in a single server install but, why wouldn't it work? If the service starts in your installation, you should have no problems. This statement could simply be referring to the "Standalone" install option, not a single server farm.
    Wahid Saleemi Sr. Consultant, Avanade http://www.wahidsaleemi.com
    • Marked as answer by Wayne Fan Thursday, July 07, 2011 9:23 AM
    Tuesday, July 05, 2011 4:05 PM
  • I confirm that if you us Local System as the user for C2WTS you will be able to make it work on a Single Server installation.

    You don't even need to configure delegation for the server running C2WTS (ex. ServerName$ in AD).

    You will be able to use data security in SSAS even in SharePoint is configured with Claims.

    I wrote a full blog post here (but it's in French):

    http://samsonfr.wordpress.com/2014/01/17/oui-vous-pouvez-utiliser-c2wts-sur-un-serveur-unique-single-server-install-avec-sharepoint-2013/

    Frederick

    Friday, January 17, 2014 2:16 PM