Posts RSS Comments RSS 51 Posts and 48 Comments till now

Exchange 2007 Clusters and Kerberos Authentication

I encountered an issue when bringing up a cluster and enabling Kerberos Authentication. Apparently, there’s a bug where the cluster nodes won’t properly register SPNs which results in Kerberos Authentication to fail. The fix is easy thanks to KB935676:

Let’s say you have 2 nodes; node1 and node2. Run the following commands (make sure you change the Common Name of the CMS):

add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node1$” -AccessRights WriteProperty -Properties “Validated-SPN”

add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node2$” -AccessRights WriteProperty -Properties “Validated-SPN”

Elan Shudnow :: Nov.08.2007 :: Exchange, Microsoft :: No Comments »

Trackback this post | Feed on Comments to this post

Leave a Reply

You must be logged in to post a comment.