On a normal SharePoint deployment I get all the web applications (central admin, SSP admin, My Sites and the portal site) working using Kerberos by setting SPNs, configuring the applications, and verifying everything is working okay by using Kerbtray. Similarly I set up SQL Server for Kerberos.
However one thing has always bothered me slightly: What about the web services of the SSP?
In Martin Kearn’s very thorough article he correctly states that you enable Kerberos with the following command:
stsadm –o setsharedwebserviceauthn –negotiate
On a single server farm this appears to work fine.
However if you perform this step on a multiple server farm, and then try to start the MOSS search service on subsequent servers in the farm, it will fail to start, giving an authentication error.
The problem is due to the Kerberos configuration for the SSP not being complete. Of course, how could it be, because we never set any SPNs? The solution is that there are several additional steps needed to configure Kerberos for the SSP. These additional steps can be found here:
http://technet.microsoft.com/en-us/library/cc263449.aspx#section14
Also I have also found the following document to be most useful when troubleshooting Kerberos errors:
0 Responses to “Cannot Start Search Service on Farm Servers – More Kerberos Fun!”