Confused about SPNs



Hello, I'm new to troubleshooting Kerberos and a little confused about
SPNs, and hopefully someone can clear things up for me. I am running in a
Windows 2000 environment using three servers, SQL server, web server (IIS
5.0) and a Terminal Server. I am using a web application going from the TS
server to the Web server, and then to the database server.

On the SQL and TS servers I am getting the following error: "0x7 -
KDC_ERR_S_Principal_UNKNOWN : Server not found in Kerberos Database". Both
servers are using local system accounts for IIS and SQL, so the default
SPNs are on the server. When I do a "setspn -L computer name" should I
only see information about the local server (local SPNs)? Or should the
SPNs be pointing to a DC? I have read a lot of information about SPNs but
I guess I am still confused about how this all works. Do I need to set IIS and
SQL with a domain account for the services?

I appreciate any help or clarification.

Thanks,
Dave Vitko
david_vitko@xxxxxxxxxxx


