SharePoint 2010: How to Put Central Administration in Kerberos Authentication

SharePoint 2010: How to Put Central Administration in Kerberos Authentication

Remove Existing Central Administration site

Before you start, you have to know that your environment should be already configured for Kerberos Auth. I am only showing to you how to configure you're Central Administration in kerberos.

Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard

 

  

 

Stop the services and Leave “Do NOT disconnect from this server farm” selected and click Next.

As last Select “Yes, I want to remove the web site from this machine” and click Next.

 

 

Recreate Central Administration site with Kerberos authentication

 

Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard

 

 

 

Leave “Do NOT disconnect from this server farm” selected and click Next.

If asked, indicate that this server should host the central administration web application and click Next.

Check the checkbox next to “Specify port number” and enter a port number of 11660.

Select the Negotiate (Kerberos) authentication provider.

 

    

 

As last Update Alternate Access Mapping for Central Administration site, and set it to a user-friendly name, like http://centraladmin:11660

 And execute the command SetSPN with the highest administrator privileges.

 

  • Setspn.exe -A HTTP/centraladmin spdev\administrator                                            Site Name || Service Application Account
  • Setspn.exe -A HTTP/centraladmin.spdev.local spdev\administrator                         FULL FQDN Name || Service Application Account
  •  
  • Setspn.exe -A HTTP/srv-sql-01.spdev.local spdev\administrator                               SQL || Service Application Account
  • Setspn.exe -A HTTP/srv-app-01.spdev.local spdev\administrator                             APPLICATION || Service Application Account
  • Setspn.exe -A HTTP/srv-fe-01.spdev.local spdev\administrator                                WEB FRONTAL || Service Application Account
  • Setspn.exe -A HTTP/srv-dc-01.spdev.local spdev\administrator                                DC || Service Application Account



If you have other servers, put them in the list.

Again, for Kerberos Authentication, do not forget to put your site in "local intranet site"..

Leave a Comment
  • Please add 5 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Gokan Ozcifci edited Revision 6. Comment: Change Content

  • Ed Price - MSFT edited Revision 4. Comment: Title and tags

  • Jewel Lambert edited Revision 2. Comment: Corrected spelling typos

  • Gokhan Ozcifci edited Revision 1. Comment: New Account

  • Craig Lussier edited Original. Comment: added en-US to tags and title

Page 1 of 1 (5 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • I got mine working by editing the web app the normal way, why all the extra steps?

  • Chris,

    You're environment should be "able" to use Kerberos Authentication..

    You only said to you're WEB APP "use Kerberos" .. and nothing else..

    There are a lot of things to do before using Kerberos.. You will receive a ticket who will aviable 10 hours and you will not authentiate again ..

    You should configure each server, user with AD ( delegete ) and command's like SETSPN ..

    I don't think you are using Kerberos Authentication, OR you're enviremement was and is ready for Kerberos ..

  • Craig Lussier edited Original. Comment: added en-US to tags and title

  • Gokhan Ozcifci edited Revision 1. Comment: New Account

  • Jewel Lambert edited Revision 2. Comment: Corrected spelling typos

  • Ed Price - MSFT edited Revision 4. Comment: Title and tags

  • Gokan Ozcifci edited Revision 6. Comment: Change Content

Page 1 of 1 (7 items)