SlideShare uma empresa Scribd logo

Kerberos part 2

Spencer Harbar
Spencer Harbar
Tecnologia
1 de 28
Spencer Harbar Kerberos Part Two:“Advanced” Scenarios and Additional Considerations
About the speaker... Spencer Harbar - www.harbar.net | spence@harbar.net Microsoft Certified Master | SharePoint 2007 Microsoft Certified Master | SharePoint Instructor & Author Most Valuable Professional | SharePoint Server SharePoint Patterns & Practices Advisory Board Member 15 years in Enterprise IT ISPA Board Member Enterprise Architect working with Microsoft’s largestcustomers deploying Office SharePoint Server 2007.
About the speakers... Spencer Harbar - www.harbar.net | spence@harbar.net Microsoft Certified Master | SharePoint 2007 Microsoft Certified Master | SharePoint Instructor & Author Most Valuable Professional | SharePoint Server 15 years in Enterprise IT ISPA Board Member Bob Fox - www.spfoxhole.com/Blog/ | bfox11b@verizon.net Most Valuable Professional | SharePoint Services Specializing in SharePoint architecture and deployment B&R Business Solutions, LLC IT Professional with over 15 years experience ISPA Board Member
Agenda Two-part session Part One (you missed it!) Authentication Methodologies Kerberos Overview Why Kerberos with SharePoint? Implementing Kerberos with SharePoint Common Problems Best Practices Part Two (this session!) Troubleshooting Shared Service Providers Search “Advanced” Scenarios Kerberos Only? More Tools Q&A/Discussion
Troubleshooting
Windows Event Log ,[object Object]
First place to look
Sources
Kerberos
LSA
LsaSrv
Events include Kerberos Error Code
Document “Troubleshooting Kerberos Errors”
Includes Codes, Possible Causes, Resolutions
http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1,[object Object]
Kerberos Auditing Enabled via Registry HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarametersogLevel Value Type: REG_DWORD Value Data: 1 Don’t leave on! Document “Troubleshooting Kerberos Errors” Includes Codes, Possible Causes, Resolutions http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1
Kerberos DebugView Enabled via Registry HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarameterserbDebugLevel Value Type: DWORD Data: c0000043 (outputs the most standard set of debug messages) Try it first, If you still want to see more output, set it to ffffffff HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarametersogToFile Type: DWORD Data: 1 Logs to %windir%ystem32sass.log Don’t leave on!
Network Monitor Or alternative network capture tools Wireshark, NetSniffer, EtherDetect etc Captures packets for analysis Filter Capture for Authentication Will include detailed Kerberos related traffic Document“Troubleshooting Kerberos Errors” Includes Codes, Possible Causes, Resolutions http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1
The Great Load Balancing Myth “Kerberos doesn’t work with our Load Balancer” Load Balancers don’t know or care about Kerberos It’s not a Kerberos issue, it’s a addressing issue SharePoint Web Application Configuration Don’t use CNames (again!) Configure host name/host headers correctly Certain Load Balancers need to address hosts directly
Demonstration Troubleshooting Kerberos
Shared Services
Shared Services stsadm.exe –o setsharedwebserviceauthn-negotiate
Issues with Shared Services .NET client can’t bind to the server using non-default ports Without host headers SSP services use non default ports without host headers http://server:56737 & https://server:56738 Indexer can’t crawl Kerberos Web Applications on non default ports
>1 SSP with different identities Office Server Web Services SharedServices1 HTTP/server1 domainser1 Duplicate SPN’s! HTTP/server1 domainser2 SharedServices2
Shared Services Solution Install Infrastructure Updates (or later) on all servers in farm Add Registry KeyHKLMoftwareicrosoftffice Server2.0erberosSpnFormat Type: DWORD, Data: 1 Reboot! Configure SPNs (for each server in farm)MSSP/server1:56737/SharedServices1 MSSP/server1:56738/SharedServices1 Configure Shared Services stsadm.exe –o setsharedwebserviceauthn -negotiate
Shared Services Kernel Mode Authentication Requires same configuration as end user applications You cannot mix and match NTLM and Kerberos In the same Farm Despite appearances Central Admin setting is scoped to SSP All SSPs must either be NTLM or Kerberos
Demonstration Shared Services
“advanced scenarios”

Recomendados

DD105 Multi Tenancy in SharePoint 2010
DD105 Multi Tenancy in SharePoint 2010DD105 Multi Tenancy in SharePoint 2010
DD105 Multi Tenancy in SharePoint 2010Spencer Harbar
 
It112 SharePoint 2010 Mythbusters
It112 SharePoint 2010 MythbustersIt112 SharePoint 2010 Mythbusters
It112 SharePoint 2010 MythbustersSpencer Harbar
 
It114 Configuring SharePoint 2010 User Profile Sync
It114 Configuring SharePoint 2010 User Profile SyncIt114 Configuring SharePoint 2010 User Profile Sync
It114 Configuring SharePoint 2010 User Profile SyncSpencer Harbar
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010Spencer Harbar
 
SPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsSPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsNCCOMMS
 
Designing for SharePoint Provider Hosted Apps
Designing for SharePoint Provider Hosted AppsDesigning for SharePoint Provider Hosted Apps
Designing for SharePoint Provider Hosted AppsRoy Kim
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
OFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case StudyOFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case StudySreenivasa Setty
 

Recomendados

DD105 Multi Tenancy in SharePoint 2010
DD105 Multi Tenancy in SharePoint 2010DD105 Multi Tenancy in SharePoint 2010
DD105 Multi Tenancy in SharePoint 2010Spencer Harbar
 
It112 SharePoint 2010 Mythbusters
It112 SharePoint 2010 MythbustersIt112 SharePoint 2010 Mythbusters
It112 SharePoint 2010 MythbustersSpencer Harbar
 
It114 Configuring SharePoint 2010 User Profile Sync
It114 Configuring SharePoint 2010 User Profile SyncIt114 Configuring SharePoint 2010 User Profile Sync
It114 Configuring SharePoint 2010 User Profile SyncSpencer Harbar
 
DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010DD109 Claims Based AuthN in SharePoint 2010
DD109 Claims Based AuthN in SharePoint 2010Spencer Harbar
 
SPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsSPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsNCCOMMS
 
Designing for SharePoint Provider Hosted Apps
Designing for SharePoint Provider Hosted AppsDesigning for SharePoint Provider Hosted Apps
Designing for SharePoint Provider Hosted AppsRoy Kim
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
OFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case StudyOFM AIA FP Implementation View and Case Study
OFM AIA FP Implementation View and Case StudySreenivasa Setty
 
Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsamitchachra
 
Sharepoint And Clearspace
Sharepoint And ClearspaceSharepoint And Clearspace
Sharepoint And ClearspaceSaurabh Raisinghani
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxfordguestd9aa5
 
Adfs azure
Adfs azureAdfs azure
Adfs azureJethro Seghers
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantNCCOMMS
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Developing a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint appDeveloping a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint appTalbott Crowell
 
O365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared ShockleyO365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared ShockleyNCCOMMS
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft Teams[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft TeamsEuropean Collaboration Summit
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersEric Shupps
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365InnoTech
 
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST APIGet Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Eric Shupps
 
Introduction to Office and SharePoint Development
Introduction to Office and SharePoint DevelopmentIntroduction to Office and SharePoint Development
Introduction to Office and SharePoint DevelopmentEric Shupps
 
ECS19 - Jussi Roine - Microsoft 365 Deep Dive
ECS19 - Jussi Roine - Microsoft 365 Deep DiveECS19 - Jussi Roine - Microsoft 365 Deep Dive
ECS19 - Jussi Roine - Microsoft 365 Deep DiveEuropean Collaboration Summit
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development WorkshopEric Shupps
 
Office 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC RestonOffice 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC Restonamitvasu
 
Gerald Ibarreta CV
Gerald Ibarreta CVGerald Ibarreta CV
Gerald Ibarreta CVGerald Francis Ibarreta
 
弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用Peter Chen
 

Mais conteúdo relacionado

Mais procurados

Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsamitchachra
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxfordguestd9aa5
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantNCCOMMS
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Developing a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint appDeveloping a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint appTalbott Crowell
 
O365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared ShockleyO365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared ShockleyNCCOMMS
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft Teams[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft TeamsEuropean Collaboration Summit
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersEric Shupps
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365InnoTech
 
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST APIGet Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST APIEric Shupps
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Eric Shupps
 
Introduction to Office and SharePoint Development
Introduction to Office and SharePoint DevelopmentIntroduction to Office and SharePoint Development
Introduction to Office and SharePoint DevelopmentEric Shupps
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development WorkshopEric Shupps
 
Office 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC RestonOffice 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC Restonamitvasu
 

Mais procurados (20)

Office 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfsOffice 365-single-sign-on-with-adfs
Office 365-single-sign-on-with-adfs
 
Sharepoint And Clearspace
Sharepoint And ClearspaceSharepoint And Clearspace
Sharepoint And Clearspace
 
Adfs Shib Interop Um Oxford
Adfs Shib Interop Um OxfordAdfs Shib Interop Um Oxford
Adfs Shib Interop Um Oxford
 
Adfs azure
Adfs azureAdfs azure
Adfs azure
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You Want
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Developing a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint appDeveloping a Provider Hosted SharePoint app
Developing a Provider Hosted SharePoint app
 
O365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared ShockleyO365Con18 - Running SharePoint on Azure Tips - Jared Shockley
O365Con18 - Running SharePoint on Azure Tips - Jared Shockley
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
 
[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft Teams[Wilen] Enriching conversations with your data in Microsoft Teams
[Wilen] Enriching conversations with your data in Microsoft Teams
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint Developers
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
 
Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365Directory Synchronization Single Sign-On in Office 365
Directory Synchronization Single Sign-On in Office 365
 
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST APIGet Some Rest - Taking Advantage of the SharePoint 2013 REST API
Get Some Rest - Taking Advantage of the SharePoint 2013 REST API
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
 
Introduction to Office and SharePoint Development
Introduction to Office and SharePoint DevelopmentIntroduction to Office and SharePoint Development
Introduction to Office and SharePoint Development
 
ECS19 - Jussi Roine - Microsoft 365 Deep Dive
ECS19 - Jussi Roine - Microsoft 365 Deep DiveECS19 - Jussi Roine - Microsoft 365 Deep Dive
ECS19 - Jussi Roine - Microsoft 365 Deep Dive
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development Workshop
 
Office 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC RestonOffice 365 directory synchronization - SPSDC Reston
Office 365 directory synchronization - SPSDC Reston
 

Destaque

弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用Peter Chen
 
Russo Revelation on Mad Men Vol 1.7
Russo Revelation on Mad Men Vol 1.7Russo Revelation on Mad Men Vol 1.7
Russo Revelation on Mad Men Vol 1.7Jaci Russo
 
Жизнь в изоляции / Роман Дворнов (Avito)
Жизнь в изоляции / Роман Дворнов (Avito)Жизнь в изоляции / Роман Дворнов (Avito)
Жизнь в изоляции / Роман Дворнов (Avito)Ontico
 
Spring the Ripper by Evgeny Borisov
Spring the Ripper by Evgeny BorisovSpring the Ripper by Evgeny Borisov
Spring the Ripper by Evgeny BorisovJavaDayUA
 
React + Redux. Опыт использования
React + Redux. Опыт использованияReact + Redux. Опыт использования
React + Redux. Опыт использованияGDG Odessa
 
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...Ontico
 
Программа лояльности B2B - тенденции, лучшие практики, кейсы
Программа лояльности B2B - тенденции, лучшие практики, кейсыПрограмма лояльности B2B - тенденции, лучшие практики, кейсы
Программа лояльности B2B - тенденции, лучшие практики, кейсыNGM
 
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...Akihiko Kodama
 
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайна
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайнаСтудия дизайна «Чипса» — игры разума, или как развивать студию дизайна
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайнаMaxim Kyshtymov
 
Apache HBase at Airbnb
Apache HBase at Airbnb Apache HBase at Airbnb
Apache HBase at Airbnb HBaseCon
 
13 Alternatives to Using Bullet Points in Presentations
13 Alternatives to Using Bullet Points in Presentations13 Alternatives to Using Bullet Points in Presentations
13 Alternatives to Using Bullet Points in PresentationsMelissa Milloway, MSIT
 
The Science of Memorable Presentations
The Science of Memorable PresentationsThe Science of Memorable Presentations
The Science of Memorable PresentationsEthos3
 
Hacking the Creative Brain - Web Directions 2015
Hacking the Creative Brain - Web Directions 2015Hacking the Creative Brain - Web Directions 2015
Hacking the Creative Brain - Web Directions 2015Denise Jacobs
 
Advanced Hadoop Tuning and Optimization - Hadoop Consulting
Advanced Hadoop Tuning and Optimization - Hadoop ConsultingAdvanced Hadoop Tuning and Optimization - Hadoop Consulting
Advanced Hadoop Tuning and Optimization - Hadoop ConsultingImpetus Technologies
 
Hadoop configuration & performance tuning
Hadoop configuration & performance tuningHadoop configuration & performance tuning
Hadoop configuration & performance tuningVitthal Gogate
 

Destaque (20)

Gerald Ibarreta CV
Gerald Ibarreta CVGerald Ibarreta CV
Gerald Ibarreta CV
 
弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用弱溶劑型塗料用 氟碳素樹脂的開發與應用
弱溶劑型塗料用 氟碳素樹脂的開發與應用
 
Russo Revelation on Mad Men Vol 1.7
Russo Revelation on Mad Men Vol 1.7Russo Revelation on Mad Men Vol 1.7
Russo Revelation on Mad Men Vol 1.7
 
Жизнь в изоляции / Роман Дворнов (Avito)
Жизнь в изоляции / Роман Дворнов (Avito)Жизнь в изоляции / Роман Дворнов (Avito)
Жизнь в изоляции / Роман Дворнов (Avito)
 
Enzymen 2e deel
Enzymen 2e deelEnzymen 2e deel
Enzymen 2e deel
 
Voortbeweging
VoortbewegingVoortbeweging
Voortbeweging
 
Spring the Ripper by Evgeny Borisov
Spring the Ripper by Evgeny BorisovSpring the Ripper by Evgeny Borisov
Spring the Ripper by Evgeny Borisov
 
React + Redux. Опыт использования
React + Redux. Опыт использованияReact + Redux. Опыт использования
React + Redux. Опыт использования
 
Hoofdstuk 11 deel 1
Hoofdstuk 11 deel 1Hoofdstuk 11 deel 1
Hoofdstuk 11 deel 1
 
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...
Эволюция клиентской разработки от веба ко всеобщей мобилизации или mobile-fir...
 
Программа лояльности B2B - тенденции, лучшие практики, кейсы
Программа лояльности B2B - тенденции, лучшие практики, кейсыПрограмма лояльности B2B - тенденции, лучшие практики, кейсы
Программа лояльности B2B - тенденции, лучшие практики, кейсы
 
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...
第59回 HTML5とか勉強会 ーIoT/WoT発表資料「Web Controller for V-Sido CONNECT:WebRTCとWebGLで作...
 
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайна
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайнаСтудия дизайна «Чипса» — игры разума, или как развивать студию дизайна
Студия дизайна «Чипса» — игры разума, или как развивать студию дизайна
 
Apache HBase at Airbnb
Apache HBase at Airbnb Apache HBase at Airbnb
Apache HBase at Airbnb
 
13 Alternatives to Using Bullet Points in Presentations
13 Alternatives to Using Bullet Points in Presentations13 Alternatives to Using Bullet Points in Presentations
13 Alternatives to Using Bullet Points in Presentations
 
Weapons of Influence
Weapons of InfluenceWeapons of Influence
Weapons of Influence
 
The Science of Memorable Presentations
The Science of Memorable PresentationsThe Science of Memorable Presentations
The Science of Memorable Presentations
 
Hacking the Creative Brain - Web Directions 2015
Hacking the Creative Brain - Web Directions 2015Hacking the Creative Brain - Web Directions 2015
Hacking the Creative Brain - Web Directions 2015
 
Advanced Hadoop Tuning and Optimization - Hadoop Consulting
Advanced Hadoop Tuning and Optimization - Hadoop ConsultingAdvanced Hadoop Tuning and Optimization - Hadoop Consulting
Advanced Hadoop Tuning and Optimization - Hadoop Consulting
 
Hadoop configuration & performance tuning
Hadoop configuration & performance tuningHadoop configuration & performance tuning
Hadoop configuration & performance tuning
 

Semelhante a Kerberos part 2

Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint ArchitectureMichael Noel
 
Roles y Responsabilidades en SQL Azure
Roles y Responsabilidades en SQL AzureRoles y Responsabilidades en SQL Azure
Roles y Responsabilidades en SQL AzureEduardo Castro
 
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...Knowledge Cue
 
Satish Chapekar Sys Admin
Satish Chapekar Sys AdminSatish Chapekar Sys Admin
Satish Chapekar Sys AdminSatish Chapekar
 
Decoupled cms sunshinephp 2014
Decoupled cms sunshinephp 2014Decoupled cms sunshinephp 2014
Decoupled cms sunshinephp 2014Lukas Smith
 
Build on AWS: Migrating And Platforming
Build on AWS: Migrating And PlatformingBuild on AWS: Migrating And Platforming
Build on AWS: Migrating And PlatformingAmazon Web Services
 
Optimize Your It Environment With An Hp Blade System Solution
Optimize Your It Environment With An Hp Blade System SolutionOptimize Your It Environment With An Hp Blade System Solution
Optimize Your It Environment With An Hp Blade System Solutionaljimenez
 
Build on AWS: Migrating and Platforming
Build on AWS: Migrating and PlatformingBuild on AWS: Migrating and Platforming
Build on AWS: Migrating and PlatformingAmazon Web Services
 
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...corin29
 
Presentatie-Tech-talk.pptx
Presentatie-Tech-talk.pptxPresentatie-Tech-talk.pptx
Presentatie-Tech-talk.pptxrajeevrocks
 
Dev buchan leveraging
Dev buchan leveragingDev buchan leveraging
Dev buchan leveragingBill Buchan
 
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...Joel Oleson
 
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...Amazon Web Services
 
Patterns & Practices of Microservices
Patterns & Practices of MicroservicesPatterns & Practices of Microservices
Patterns & Practices of MicroservicesWesley Reisz
 
Managing Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudManaging Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudCloudBees
 
active directory fundamental for the beginner
active directory fundamental for the beginneractive directory fundamental for the beginner
active directory fundamental for the beginnerRivelynN
 

Semelhante a Kerberos part 2 (20)

Kerberos part 1
Kerberos part 1Kerberos part 1
Kerberos part 1
 
Best Practice SharePoint Architecture
Best Practice SharePoint ArchitectureBest Practice SharePoint Architecture
Best Practice SharePoint Architecture
 
Roles y Responsabilidades en SQL Azure
Roles y Responsabilidades en SQL AzureRoles y Responsabilidades en SQL Azure
Roles y Responsabilidades en SQL Azure
 
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...
SharePoint 2010 best practices for infrastructure deployments SharePoint Sat...
 
Satish Chapekar Sys Admin
Satish Chapekar Sys AdminSatish Chapekar Sys Admin
Satish Chapekar Sys Admin
 
Decoupled cms sunshinephp 2014
Decoupled cms sunshinephp 2014Decoupled cms sunshinephp 2014
Decoupled cms sunshinephp 2014
 
Build on AWS: Migrating And Platforming
Build on AWS: Migrating And PlatformingBuild on AWS: Migrating And Platforming
Build on AWS: Migrating And Platforming
 
Optimize Your It Environment With An Hp Blade System Solution
Optimize Your It Environment With An Hp Blade System SolutionOptimize Your It Environment With An Hp Blade System Solution
Optimize Your It Environment With An Hp Blade System Solution
 
Build on AWS: Migrating and Platforming
Build on AWS: Migrating and PlatformingBuild on AWS: Migrating and Platforming
Build on AWS: Migrating and Platforming
 
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...
Tipstricksandbestpracticesformanagingmicrosoftofficesharepointserver2007 0905...
 
Kerberos
KerberosKerberos
Kerberos
 
Presentatie-Tech-talk.pptx
Presentatie-Tech-talk.pptxPresentatie-Tech-talk.pptx
Presentatie-Tech-talk.pptx
 
Dev buchan leveraging
Dev buchan leveragingDev buchan leveraging
Dev buchan leveraging
 
Technical Envirment Johan Olsson
Technical Envirment Johan OlssonTechnical Envirment Johan Olsson
Technical Envirment Johan Olsson
 
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...
Teched Middle East New World of SharePoint 2010 Administration with Joel Oles...
 
Move to azure
Move to azureMove to azure
Move to azure
 
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...
Orchestrating Machine Learning Training for Netflix Recommendations - MCL317 ...
 
Patterns & Practices of Microservices
Patterns & Practices of MicroservicesPatterns & Practices of Microservices
Patterns & Practices of Microservices
 
Managing Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the CloudManaging Software from Development to Deployment in the Cloud
Managing Software from Development to Deployment in the Cloud
 
active directory fundamental for the beginner
active directory fundamental for the beginneractive directory fundamental for the beginner
active directory fundamental for the beginner
 

Último

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Último (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Kerberos part 2

  • 1. Spencer Harbar Kerberos Part Two:“Advanced” Scenarios and Additional Considerations
  • 2. About the speaker... Spencer Harbar - www.harbar.net | spence@harbar.net Microsoft Certified Master | SharePoint 2007 Microsoft Certified Master | SharePoint Instructor & Author Most Valuable Professional | SharePoint Server SharePoint Patterns & Practices Advisory Board Member 15 years in Enterprise IT ISPA Board Member Enterprise Architect working with Microsoft’s largestcustomers deploying Office SharePoint Server 2007.
  • 3. About the speakers... Spencer Harbar - www.harbar.net | spence@harbar.net Microsoft Certified Master | SharePoint 2007 Microsoft Certified Master | SharePoint Instructor & Author Most Valuable Professional | SharePoint Server 15 years in Enterprise IT ISPA Board Member Bob Fox - www.spfoxhole.com/Blog/ | bfox11b@verizon.net Most Valuable Professional | SharePoint Services Specializing in SharePoint architecture and deployment B&R Business Solutions, LLC IT Professional with over 15 years experience ISPA Board Member
  • 4. Agenda Two-part session Part One (you missed it!) Authentication Methodologies Kerberos Overview Why Kerberos with SharePoint? Implementing Kerberos with SharePoint Common Problems Best Practices Part Two (this session!) Troubleshooting Shared Service Providers Search “Advanced” Scenarios Kerberos Only? More Tools Q&A/Discussion
  • 6.
  • 10. LSA
  • 14. Includes Codes, Possible Causes, Resolutions
  • 15.
  • 16. Kerberos Auditing Enabled via Registry HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarametersogLevel Value Type: REG_DWORD Value Data: 1 Don’t leave on! Document “Troubleshooting Kerberos Errors” Includes Codes, Possible Causes, Resolutions http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1
  • 17. Kerberos DebugView Enabled via Registry HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarameterserbDebugLevel Value Type: DWORD Data: c0000043 (outputs the most standard set of debug messages) Try it first, If you still want to see more output, set it to ffffffff HKEY_LOCAL_MACHINEYSTEMurrentControlSetControlsaerberosarametersogToFile Type: DWORD Data: 1 Logs to %windir%ystem32sass.log Don’t leave on!
  • 18. Network Monitor Or alternative network capture tools Wireshark, NetSniffer, EtherDetect etc Captures packets for analysis Filter Capture for Authentication Will include detailed Kerberos related traffic Document“Troubleshooting Kerberos Errors” Includes Codes, Possible Causes, Resolutions http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1
  • 19. The Great Load Balancing Myth “Kerberos doesn’t work with our Load Balancer” Load Balancers don’t know or care about Kerberos It’s not a Kerberos issue, it’s a addressing issue SharePoint Web Application Configuration Don’t use CNames (again!) Configure host name/host headers correctly Certain Load Balancers need to address hosts directly
  • 22. Shared Services stsadm.exe –o setsharedwebserviceauthn-negotiate
  • 23. Issues with Shared Services .NET client can’t bind to the server using non-default ports Without host headers SSP services use non default ports without host headers http://server:56737 & https://server:56738 Indexer can’t crawl Kerberos Web Applications on non default ports
  • 24. >1 SSP with different identities Office Server Web Services SharedServices1 HTTP/server1 domainser1 Duplicate SPN’s! HTTP/server1 domainser2 SharedServices2
  • 25. Shared Services Solution Install Infrastructure Updates (or later) on all servers in farm Add Registry KeyHKLMoftwareicrosoftffice Server2.0erberosSpnFormat Type: DWORD, Data: 1 Reboot! Configure SPNs (for each server in farm)MSSP/server1:56737/SharedServices1 MSSP/server1:56738/SharedServices1 Configure Shared Services stsadm.exe –o setsharedwebserviceauthn -negotiate
  • 26. Shared Services Kernel Mode Authentication Requires same configuration as end user applications You cannot mix and match NTLM and Kerberos In the same Farm Despite appearances Central Admin setting is scoped to SSP All SSPs must either be NTLM or Kerberos
  • 29. Delegation to External Apps All depends upon the application Potential for additional configuration “Middle Tier” Host Delegation Example SQL Server Reporting Services Host delegation if RS is on separate machines Web.config & RSReportServer.config
  • 30. Excel Services Do NOT follow KB953130! Easily the worst security KB ever authored Details a single MOSS server configuration! Just plain wrong, many steps unnecessary DCOM Configuration, Computer Account Delegation, etc OOTB Excel Services is a simple delegation scenario Configure Web App Application Pool account fordelegation to SSP SPN stsadm.exe -o set-ecssecurity -ssp %SSPNAME% -accessmodel delegation
  • 31. Excel Services & Analysis Services A more common scenario Leveraging Data Connections When using with Analysis Services Additional Configuration Service Principal Names for Analysis Services MSOLAPSvc.3/HOST MSOLAPSvc.3/HOST:instance Middle Tier Delegation MSKB 917409
  • 33. Kerberos Only? IIS uses NTLM, Negotiate, or both NTAuthenticationProviders = “Negotiate” Does not mean Kerberos only Negotiate will always “fall back” to NTLM HTTP_AUTHORIZATION server variable Can be leveraged in HttpModule Unsupported IIS7 in Windows Server 2008 R2 supports Nego2 allows granular Kerberos/NTLM enablement Requires Windows 7 clients
  • 34. Essential Tools CLI: Setspn.exe Windows Server 2008: installed by default Windows Server 2003: part of Resource Kit or separate downloadhttp://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd GUI: Adsiedit.msc Windows Server 2008: installed by default Windows Server 2003: part of support tools (on Windows CD) Kerbtray.exehttp://www.microsoft.com/downloads/details.aspx?familyid=4E3A58BE-29F6-49F6-85BE-E866AF8E7A88 Klist.exehttp://www.microsoft.com/DownLoads/details.aspx?familyid=1581E6E7-7E64-4A2D-8ABA-73E909D2A7DC Both part of the Windows 2003 Resource Kit Toolshttp://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd Network Monitor 3.3http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f Fiddlerhttp://www.fiddlertool.com/DelegConfighttp://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1434http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1887
  • 37. Thank You! Please complete your evaluations It makes us better next time!

Notas do Editor

  1. SPENCE WILL KICK OFF
  2. SPENCE & BOB
  3. Spence
  4. Spence Demo
  5. Bob
  6. Spence Demo
  7. Spence
  8. Spence
  9. Spence Demo
  10. Spence