locked
OCS web components IIS authentication issue RRS feed

All replies

  • The IP Address would use NTLM authentication

    the FQDN would use Kerberos Authentication
    You might have some issues with Service Principal Names records

    Use SetSPN to List SPNs

    Syntax for SetSPN.exe

    The syntax for SetSPN.exe is:

    setspn { -A SPN | -D SPN | -L } service_account

    Arguments

    -A Adds the specified SPN to the account.
    -D Deletes the specified SPN to the account.
    -L Lists all SPNs registered to the account.

    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Wednesday, July 8, 2009 4:27 PM
  • struggling a bit with this one.
    I have checked the SPNs and http/poolr2 and http/poolr2.domain.co.uk are registered to the DOMAIN\RTCComponentService account.

    Now I can browse the group expansion url as above but not expand the groups in Communicator.
    Also I now have a further error where Communicator clients cannot synchronise the address book. The address book url works as https://poolr2/Abs/Int/Handler/D-0c0b-0c0c.dabs but won't work using the fqdn of https://poolr2.domain.co.uk/Abs/Int/Handler/D-0c0b-0c0c.dabs

    There are lots of discussions about how to register and deregister different SPNs but no clear account of what the SPN's should be and what account they should be registered to. In my case the OCS server is called europa.domain.co.uk and the fqdn of the OCS pool is poolr2.domain.co.uk. Is there a straight forward way to straighten out IIS and the SPN's so everything just works?
    Friday, July 10, 2009 9:42 AM