Tuesday, June 7, 2011

Kerberos error in event log on every SharePoint 2010 farm server.

I had an error in the event log on every SharePoint 2010 farm server:

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 13:1:13.0000 3/17/2011 Z
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: xxxxx.NET
Server Name: HTTP/xxxxx.net
Target Name: HTTP/xxxxx.net@xxxxx.NET
Error Text:
File: 9
Line: efb
Error Data is in record data.

This happens after migration of the old MOSS 2007 farm to SharePoint 2010. – On the new farm I used new accounts for the application pools.
I created SPNs on the new Application Pool accounts for the web applications.
BUT I forgot to remove the same SPNs from the old Application Pool accounts!!! – This was the (big) mistake.

ADSI Edit let me create the same SPN on different accounts.
After removing the SPNs from the old Application Pool accounts everything works fine!

use SETSPN-Tool to find the accounts:

setspn Q HTTP//www.pravahaminfo:1234/

You’ll get a list of all accounts that have the specified SPN “www.pravahaminfo:1234/”

No comments:

Post a Comment