After installing all the components you may see lot of errors showing in configuration wizard. Few of the follwing steps will help you to solve the issues (esp. see if there are any Kerbero's issues).
1. To see System Stored userids, run the following line in Run window (delete if you find any, with caution)
To do: rundll32.exe keymgr.dll,KRShowKeyMgr
2. SPNs check
To do: setspn -l domain/service_account
ex: setspn -l gs/service_admin
3. Duplicate SPNs check
To do: 1. setspn -x
It lists out all the SPNs in the environment in DOS console
2. setspn -x > D:\test\log.txt
It writes all the SPNs list to a file specified in the directory path as shown above.
4. DelegConfig download (try in google)
To do: Search in google with the word DelegConfig you will get the links to download this app.
Here is one link:
http://www.iis.net/community/default.aspx?tabid=34&g=6&i=1887
Download it and createe a virtual directory under IIS. Open the site and that takes you through all the config settings, and shows the status of Kerberoes setup configuration.
5. Service Account Delegation Setup
To do: K2 Service account needs to be delegated with SharePoint App pool (identity) account in Active Directory. (This solves the 401 unauthorization Kerberos issue for Blakpearl– SharePoint communication, like through the smart objects).
You may not have all these issues but if you find that there is something going wrong with your installation, you can find this information helpful to trouble shoot.
1. To see System Stored userids, run the following line in Run window (delete if you find any, with caution)
To do: rundll32.exe keymgr.dll,KRShowKeyMgr
2. SPNs check
To do: setspn -l domain/service_account
ex: setspn -l gs/service_admin
3. Duplicate SPNs check
To do: 1. setspn -x
It lists out all the SPNs in the environment in DOS console
2. setspn -x > D:\test\log.txt
It writes all the SPNs list to a file specified in the directory path as shown above.
4. DelegConfig download (try in google)
To do: Search in google with the word DelegConfig you will get the links to download this app.
Here is one link:
http://www.iis.net/community/default.aspx?tabid=34&g=6&i=1887
Download it and createe a virtual directory under IIS. Open the site and that takes you through all the config settings, and shows the status of Kerberoes setup configuration.
5. Service Account Delegation Setup
To do: K2 Service account needs to be delegated with SharePoint App pool (identity) account in Active Directory. (This solves the 401 unauthorization Kerberos issue for Blakpearl– SharePoint communication, like through the smart objects).
You may not have all these issues but if you find that there is something going wrong with your installation, you can find this information helpful to trouble shoot.
No comments:
Post a Comment