How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part 2 1


 

Part 1: – How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part1

Part 2: – Configuring Service Applications, Sites, and Verifying our Work

Part 3: – Test out Using Web Parts and Communicating Securely across Web Applications with Kerberos

 

Synopsis

In Part 1 we covered the installation of SQL, creating SPN’s for SQL, creating and configuring Service Accounts for SharePoint and the requite SPNs for SharePoint Service Applications and Web Applications.  In this Part 2 we will pick up from there an build out the following

  • Create, Configure Search Service Application
  • Create Kerberos Authentication Web Applications for
    • Intranet Site – Portal
    • Team Site – Teams
    • My Site – My
  • Create Site Collections for all three

Part 5: How to Make it Work

NEXT I WILL START CREATING SERVICE APPLICATIONS

MY FIRST ONE WILL BE SEARCH SO WHEN I CREATE MY SITES, THEY CAN ALREADY BE SQUARED AWAY FOR CRAWLING AND SEARCHING

So, right now my Service Applications is Naked.. lets get Search done first so when we create or Web Apps they will be added to the Content Source of the Search Service Applicaitons.

clip_image001

Screen clipping taken: 8/14/2010 11:29 AM

clip_image002

Screen clipping taken: 8/14/2010 11:39 AM

clip_image003

Screen clipping taken: 8/14/2010 11:49 AM

clip_image004

Screen clipping taken: 8/14/2010 11:51 AM

Now I will create my Web Apps for

  1. Portal
  1. Teams
  1. My

Right now the only Site is the Admin Site

clip_image005

Screen clipping taken: 8/14/2010 12:01 PM

We begin by creating a new Web App for our Portal

clip_image006

Screen clipping taken: 8/14/2010 12:03 PM

Change the Auth Provider to Kerberos

clip_image007

Screen clipping taken: 8/14/2010 12:04 PM

Create a new App Pool with the Managed Account that we have and already created the SPN for

Name your Content DB appropriately

clip_image008

Screen clipping taken: 8/14/2010 12:05 PM

Accept the other Defaults

clip_image009

Screen clipping taken: 8/14/2010 12:06 PM

Once you click OK you will get prompted about the use of Kerberos

clip_image010

Screen clipping taken: 8/14/2010 12:06 PM

clip_image011

Screen clipping taken: 8/14/2010 12:09 PM

Comfirmation is provided

clip_image012

Screen clipping taken: 8/14/2010 12:10 PM

Verify Auth Provider

clip_image013

Screen clipping taken: 8/14/2010 12:11 PM

Click Default

clip_image014

Screen clipping taken: 8/14/2010 12:14 PM

clip_image015

Screen clipping taken: 8/14/2010 12:14 PM

Now lets create a Site collection

clip_image016

Screen clipping taken: 8/14/2010 12:18 PM

clip_image017

Screen clipping taken: 8/14/2010 12:20 PM

clip_image018

Screen clipping taken: 8/14/2010 12:48 PM

And if all goes well

clip_image019

Screen clipping taken: 8/14/2010 1:22 PM

Let us now verify that Kerberos is what was used to get us to this point

We will use a variety of techniques

FIRST THRU IIS

clip_image020

Screen clipping taken: 8/14/2010 1:27 PM

clip_image021

Screen clipping taken: 8/14/2010 1:31 PM

clip_image022

Screen clipping taken: 8/14/2010 1:32 PM

clip_image023

Screen clipping taken: 8/14/2010 1:39 PM

You can also run Klist on the WFE

clip_image024

Screen clipping taken: 8/14/2010 1:56 PM

This is also what we have as far as Databases created so far based on our configs

clip_image025

Screen clipping taken: 8/14/2010 1:57 PM

clip_image001[4]

Screen clipping taken: 8/14/2010 2:07 PM

clip_image002[4]

Screen clipping taken: 8/14/2010 2:07 PM

clip_image003[4]

Screen clipping taken: 8/14/2010 2:08 PM

clip_image004[4]

Screen clipping taken: 8/14/2010 2:09 PM

DO THE SAME FOR the MySite

Then we should have the following Web Apps Created

clip_image005[4]

Screen clipping taken: 8/14/2010 2:18 PM

clip_image006[4]

Screen clipping taken: 8/14/2010 2:37 PM

clip_image007[4]

Screen clipping taken: 8/14/2010 6:01 PM

On the MySite turn on Self Service Site Creation

clip_image008[4]

Screen clipping taken: 8/14/2010 6:05 PM


Leave a comment

Your email address will not be published. Required fields are marked *

One thought on “How To: Configure and Consume Kerberos for use in SQL Server 2008 R2 and SharePoint 2010 Part 2