RSS Subscription 168 Posts and 2,769 Comments

Exchange 2007 Clusters and Kerberos Authentication

I encountered an issue when bringing up a cluster and enabling Kerberos Authentication. Apparently, there’s a bug where the cluster nodes won’t properly register SPNs which results in Kerberos Authentication to fail. The fix is easy thanks to KB935676:

Let’s say you have 2 nodes; node1 and node2. Run the following commands (make sure you change the Common Name of the CMS):

add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node1$” -AccessRights WriteProperty -Properties “Validated-SPN”

add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node2$” -AccessRights WriteProperty -Properties “Validated-SPN”

Share

Trackback this post | Feed on Comments to this post

Leave a Reply