Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (eMicrosoft Partne)
  • When: 25 Jan 2012 12:54 AM
  • Last revision by (eMicrosoft Partne)
  • When: 10 Jul 2013 11:31 AM
  • Revisions: 8
  • Comments: 7
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  SharePoint 2010: How to Put Central Administration in Kerberos Authentication

SharePoint 2010: How to Put Central Administration in Kerberos Authentication

SharePoint 2010: How to Put Central Administration in Kerberos Authentication

Remove Existing Central Administration site

Before you start, you have to know that your environment should be already configured for Kerberos Auth. I am only showing to you how to configure you're Central Administration in kerberos.

Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard

 

  

 

Stop the services and Leave “Do NOT disconnect from this server farm” selected and click Next.

As last Select “Yes, I want to remove the web site from this machine” and click Next.

 

 

Recreate Central Administration site with Kerberos authentication

 

Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard

 

 

 

Leave “Do NOT disconnect from this server farm” selected and click Next.

If asked, indicate that this server should host the central administration web application and click Next.

Check the checkbox next to “Specify port number” and enter a port number of 11660.

Select the Negotiate (Kerberos) authentication provider.

 

    

 

As last Update Alternate Access Mapping for Central Administration site, and set it to a user-friendly name, like http://centraladmin:11660

 And execute the command SetSPN with the highest administrator privileges.

 

  • Setspn.exe -A HTTP/centraladmin spdev\administrator                                            Site Name || Service Application Account
  • Setspn.exe -A HTTP/centraladmin.spdev.local spdev\administrator                         FULL FQDN Name || Service Application Account
  •  
  • Setspn.exe -A HTTP/srv-sql-01.spdev.local spdev\administrator                               SQL || Service Application Account
  • Setspn.exe -A HTTP/srv-app-01.spdev.local spdev\administrator                             APPLICATION || Service Application Account
  • Setspn.exe -A HTTP/srv-fe-01.spdev.local spdev\administrator                                WEB FRONTAL || Service Application Account
  • Setspn.exe -A HTTP/srv-dc-01.spdev.local spdev\administrator                                DC || Service Application Account



If you have other servers, put them in the list.

Again, for Kerberos Authentication, do not forget to put your site in "local intranet site"..

, , , , , , , [Edit tags]
Leave a Comment
  • Please add 6 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 10 Jul 2013 11:31 AM

    Gokan Ozcifci edited Revision 6. Comment: Change Content

  • 8 Jul 2013 5:18 PM

    Ed Price - MSFT edited Revision 4. Comment: Title and tags

  • 31 Mar 2012 11:13 AM

    Jewel Lambert edited Revision 2. Comment: Corrected spelling typos

  • 19 Feb 2012 1:27 AM

    Gokhan Ozcifci edited Revision 1. Comment: New Account

  • 18 Feb 2012 6:24 PM

    Craig Lussier edited Original. Comment: added en-US to tags and title

Page 1 of 1 (5 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 11 Feb 2012 3:19 AM

    I got mine working by editing the web app the normal way, why all the extra steps?

  • Posted by
    on 13 Feb 2012 1:03 AM

    Chris,

    You're environment should be "able" to use Kerberos Authentication..

    You only said to you're WEB APP "use Kerberos" .. and nothing else..

    There are a lot of things to do before using Kerberos.. You will receive a ticket who will aviable 10 hours and you will not authentiate again ..

    You should configure each server, user with AD ( delegete ) and command's like SETSPN ..

    I don't think you are using Kerberos Authentication, OR you're enviremement was and is ready for Kerberos ..

  • Posted by
    on 18 Feb 2012 6:24 PM

    Craig Lussier edited Original. Comment: added en-US to tags and title

  • Posted by
    on 19 Feb 2012 1:27 AM

    Gokhan Ozcifci edited Revision 1. Comment: New Account

  • Posted by
    on 31 Mar 2012 11:13 AM

    Jewel Lambert edited Revision 2. Comment: Corrected spelling typos

  • Posted by
    on 8 Jul 2013 5:18 PM

    Ed Price - MSFT edited Revision 4. Comment: Title and tags

  • Posted by
    on 10 Jul 2013 11:31 AM

    Gokan Ozcifci edited Revision 6. Comment: Change Content

Page 1 of 1 (7 items)