So you've taken time and built a farm, but you still wonder how do I test all of this? Well stay tuned this week I am going begin writing a series on how to test each and every service application that ships with SharePoint 2010. I hope that this will become a good resource for those of you, who like myself, would like to be able to test their farm and ensure it is running properly before releasing it to end users. I will update this post as I release new articles in this series with links to each article.
Before testing applications setup a secure store: http://matthewchurilla.blogspot.com/2012/03/configuring-secure-store.html
Testing Access Services: http://matthewchurilla.blogspot.com/2012/03/testing-access-services.html
Tuesday, February 21, 2012
Thursday, February 9, 2012
Central Administration Prompts for Credentials
I stumbled across a quirky
authentication issue when we enabled Kerberos on our Central Administration Web
Applications for SharePoint 2010. Every time we launched Central Administration
using the link provided on the start menu we would be prompted for credential
entry, and everytime credentials were entered they would fail even if they were entered correctly. After double checking the SPNs it was obvious they were setup properly
and Kerberos authentication should have been logging us in automatically.
It turns out the problem here is
somewhat related to another issue I posted about with our CRM environment (http://matthewchurilla.blogspot.com/2012/01/outlook-plugin-is-nice-feature-of.html).
At first I looked at the command that was getting executed by the menu link and
it was pointing to psconfigui.exe so it was hard to tell what was happening
there. Next I opened internet explorer and found the Central
Administration URL had been added to trusted sites and trusted sites does not
automatically login users, only the intranet zone does this. It occured to me that psconfigui.exe must do something similar to what I discovered the CRM Outlook
plugin doing. In an attempt to be helpful it is adding the Central
Administration URL to trusted sites but unfortunately when the URL is in trusted
sites kerberos integrated authentication does not work. The solution to this problem is
as simple as it was for CRM you just need to follow this process:
- Find the URL that got added to trusted sites and remove it.
- Internet Options -> Security -> Trusted Sites -> Sites
- Open Local Intranet configuration and add the URL you just removed from trusted sites. Make sure the URL matches exactly. If you removed http://machine from trusted sites then add http://machine to local intranet sites. If you removed http://machine.fqdn from trusted sites than add http://machine.fqdn to local intranet sites.
- Internet Options -> Security -> Local Intranet -> Sites -> Advanced
- Launch Central Administration using the start menu link; everything should work fine.
Subscribe to:
Posts (Atom)