Archive for the 'DNS' Category

DNS and Kerberos… the answer to our mystery

It’s not an obvious one, so I thought it warranted a blog posting.

You may have read my previous posting about the Kerberos issues I’ve been experiencing with K2 [blackpearl] and MOSS 2007.

Information I failed to give, was that our K2 [blackpearl] workspace was accessable only by a host header, and likewise our MOSS instance. This has some significant implications for Kerberos authentication. The SPN for those instances should be made with the host header rather than the machine name.

OK. So you’ve got your SPN’s… but how have you configured your DNS server?

You host header entry really should be an ANAME entry. We however, had defined our MOSS instance with a CNAME. A CNAME is really just a way of providing an alias for a server, this should almost certainly result in failed Kerberos authentication against the SPN with a CNAME entry.


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.