1

I'm trying to get Kerberos to work for a new Sharepoint server I'm installing. It works fine for the server name, but not the FQDN. I've done setspn for both, and I've added the domain to trusted sites, and still no luck.

So I figured I'd try tracing the traffic, like in this post: https://blogs.technet.microsoft.com/askds/2012/07/27/kerberos-errors-in-network-captures/

However, when I filter to authentication traffic, it gives me nothing. (For this site, or for another successful site)

I'm a bit stumped as to what to try next, other than maybe try Wireshark - but I don't know why that would give drastically different results.

teleute00
  • 347
  • 1
  • 4
  • 16

1 Answers1

0

Where are you running the trae from. I don't know anything about sharepoint, but I am assuming you need a kerberos ticket in smb to make the connection. You may not have anyauthentication traffice because you need to disconnect all shares.

from the host side. Please disconnect all shares. Reboot. Start you trace and then make your cocnnection.

For your connection are you accessing something in the same domain. Are you using an dns alias.

non-admin-dan
  • 1
  • I've tried the trace from a number of different client machines (all on the same domain) with no luck. I don't really know how to "disconnect all shares" with sharepoint - it's not smb, it's a set of web services. I've rebooted the server, though, and restarted IIS a number of times. I do have a DNS alias set up, but it doesn't seem to be making a difference - without the domain suffix Kerberos works whether I use the machine name or the alias. With the domain suffix it doesn't work for either the machine name or the alias. – teleute00 Mar 07 '16 at 17:46