none
HPC and Kerberos Double Hop RRS feed

  • Question

  • I have what I assume is a Kerberos double hop issue. I am attempting to use the API on a C# MVC based intranet site. Everything worked fine while developing on my local machine, but having deployed to our test IIS server I now can no longer connect to HPC from a browser on my workstation with a message saying "Could not connect to the scheduler. The user may not be authorized to connect to the scheduler or the scheduler service might not be running". Doing an RDP to the IIS server itself and running a browser session from there works fine.

    We already have resolved the double hop issue with respect to SQL, which is now getting the credentials passed through, and therefore the IIS server is trusted for delegation in AD, and SPNs for SQL set up.

    I'm assuming it must be possible to overcome the double hop issue with HPC as well, and that logically I can't be the first person to hit this issue. I'm also guessing the bit that's missing is a suitable SPN at the headnode (all the HPC services are currently running as local system, although I can obviously change this if necessary), but I'm struggling to find any information as to how to do this.

    Tuesday, January 27, 2015 11:54 AM

All replies