Kerberos Double Hop for Sharepoint/CRM

Posted by (JavaScript must be enabled to view this email address) on Wed 11 Mar 2009

On our Windows 2008 infrastructure we had a major issue trying to get CRM and SharePoint 2007 to work as we expected.  The main issue was down to the Kerberos double hop issue which is ever present in Windows 2008 (Microsoft love to make things difficult for us); after some errorlog tracing we were able to find that there were several duplicate SPN’s:

1.    0x29 KRB_AP_ERR_MODIFIED
2.    0x19 KDC_ERR_PREAUTH_REQUIRED
3.    0xd KDC_ERR_BADOPTION

I started by deleting the duplicate SPNs using the following commands

setspn -d http/AD-SRV.domain.com domain\crmadmin
setspn -d http/AD-SRV.domain.com domain\svcmosscontent
setspn -d http/AD-SRV.domain.com domain\svcmossssp
setspn -d http/CRM-SRV.domain.com domain\crmadmin
setspn -d http/MOSS-SRV.domain.com domain\svcmossssp

Next we found that some of the machine accounts weren’t functioning correctly for kerberos, it appeared that the SPNs for these had gone AWOL too, so I recreated them with the following commands:

setspn -R CRM-SRV
setspn -R MOSS-SRV

MOSS and CRM still werent working but we were getting much more useful errors now, which led me to re-create the correct SPNs:

setspn -A http/CRM-SRV domain\crmadmin
setspn -A http/CRM-SRV.domain.com domain\crmadmin
setspn -A http/MOSS-SRV domain\svcmossssp
setspn -A http/MOSS-SRV.domain.com domain\svcmossssp
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\crmadmin
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\CRM-SRV$
setspn -A MSSQLSvc/AD-SRV.domain.com:1433 domain\MOSS-SRV$
setspn -A MSSQLSvc/CRM-SRV.domain.com:1433 domain\crmadmin
setspn -A MSSQLSvc/MOSS-SRV.domain.com:1433 domain\svcmossssp
setspn -A MSSQLSvc/MOSS-SRV:1433 domain\svcmossssp

A quick server reset later and we were ready to go!  MOSS and CRM functioning as they should be!

Your Comments

  1. Abercrombie & Fitch
    Abercrombie
    Abercrombie & Fitch clothes
    Abercrombie Fitch
    Abercrombie Fitch UK
    Louis Vuitton
    Louis Vuitton handbags
    Louis Vuitton bags
    Louis Vuitton outlet
    Louis Vuitton uk
    LV Handbags
    LV bags
    0595623

    Posted by Mauro Masucci on 10/21 at 02:18 PM

  2. Hey I aloof got through with the pages, I should say Pretty nice plan done there.
    accident claims

    Posted by Mauro Masucci on 10/29 at 12:32 PM

  3. admire the admired careful advice you action in your articles.
    Montreal independent escorts

    Posted by Mauro Masucci on 10/30 at 08:31 AM

  4. Follow the blogs listed as acceptable adulation the residential area.
    Montreal escorts

    Posted by Mauro Masucci on 10/30 at 05:39 PM

  5. I havent any babble to accede this post..
    escortes montreal

    Posted by Mauro Masucci on 10/30 at 07:38 PM

  6. It’s harder to accretion beside bodies on this topic, but you complete like you apperceive what you are talking about! Thanks
    Montreal escortes

    Posted by Mauro Masucci on 10/30 at 09:03 PM

  7. cheap dresses
    women dresses

    Posted by Mauro Masucci on 11/02 at 10:36 AM

  8. moncler
    moncler sale
    moncler coats
    moncler Jackets
    moncler store
    moncler uk
    Replica Watches
    Omega Replica
    Replica Rolex Watches
    Best Replica Watches
    Swiss Replica Watches

    Posted by Mauro Masucci on 11/04 at 05:50 AM

  9. SSRS rep of men’s Diesel clothes, view our extensive full range of Diesel clothing. Here at The Menswear Site,
    Diesel Jeans and Diesel shirts
    diesel jeans
    uk diesel
    diesel
    diesel
    Herve Leger
    Herve sale
    Herve Leger dresses
    Herve Leger skirt
    HerveLegerort, add a textbox to Region and set the visibility property of the text-box

    Posted by Mauro Masucci on 11/04 at 02:43 PM

  10. two options, run a virtual machine - which when you bog down with SQL, SharePoint and Visual Studio will run slower than a sloth thats f
    Need evening dresses,or gowns? Formal evening dresses from dresses shop, evening gowns from dress4sale,Laundry and dress4sale
    Wedding dresses
    evening dresses
    evening dresses sale
    Dresses sale
    Wide collection of prom dresses, evening dresses and gowns, cocktail dresses, summer dress, 2010 summer dresses,
    little black dresses, beaded dresses
    Abercrombie & Fitch
    Abercrombie
    Abercrombie & Fitch clothes
    replica watches
    Abercrombie Fitch
    Abercrombie Fitch UKallen asleep or try to trick the visual studio on your pc.

    Posted by Mauro Masucci on 11/06 at 12:17 PM

  11. DataSet Region and settiffany co jewelry
    tiffany & co
    tiffany jewelry
    Tiffany Necklaces
    Tiffany Bracelets
    Tiffany Earrings
    Tiffany Rings
    herve sale
    Herve Leger
    Herve Leger Dress
    leger dress the visibility property of

    Posted by Mauro Masucci on 12/03 at 02:38 PM

  12. virtual machine - which when you bog down with SQL, SharePoint and Visualtiffany
    tiffany jewellery
    Tiffany co
    Tiffany and co
    Tiffany sale
    Tiffany Store
    links of london
    links of london Jewellery
    links of london
    Studio will run slower than a sloth thats f

    Posted by Mauro Masucci on 12/20 at 05:00 PM

Commenting is not available in this section entry.
← Back to Blog Homepage

About our Blog

Brantas Limited specialise in Dynamics CRM, SharePoint and System Integration using the Microsoft Platform. We are all experienced developers in various fields with our own specialities complementing those of our team.

We have been working with SharePoint since 2003, including Installation and Administration, Migration, Development and Support.

Related Solutions

    No Related Posts Found

Related Case Studies

    No Related Posts Found

Recent Blog Posts

Blog Categories

Blog Archives