k blog.kenaro.com
← All articles

Kerberos error in event log on every SharePoint 2010 farm server.

· Ingo Karstein
SharePoint 2010 Kerberos Migration Active Directory Permissions

I had an error in the event log on every SharePoint 2010 farm server:

image

A Kerberos Error Message was received:
 on logon session 
 Client Time: 
 Server Time: 13:1:13.0000 3/17/2011 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm: 
 Client Name: 
 Server Realm: xxxxx.NET
 Server Name: HTTP/xxxxx.net
 Target Name: HTTP/xxxxx.net@xxxxx.NET
 Error Text: 
 File: 9
 Line: efb
 Error Data is in record data.

This happens after migration of the old MOSS 2007 farm to SharePoint 2010. – On the new farm I used new accounts for the application pools.

I created SPNs on the new Application Pool accounts for the web applications.

BUT I forgot to remove the same SPNs from the old Application Pool accounts!!! – This was the (big) mistake.

ADSIEdit let me create the same SPN on different accounts. Sad smile

After removing the SPNs from the old Application Pool accounts everything works fine!

use SETSPN-Tool to find the accounts:

setspn Q HTTP/xxxx.net

You’ll get a list of all accounts that have the specified SPN “HTTP/xxxxx.net”

0 comments

Leave a comment

Your comment is reviewed before it appears. Your name is shown with the comment; your email is required for moderation but never published.