Thursday, July 03, 2008

K2 Kerberos Troubleshooting

I recently had a hard time troubleshooting a Kerberos issue at a client. The Kerberos pieces (SPNs, delegation, etc.) were created by the SysAdmin team based on instructions from me, but unfortunately I was not present when they did so, and I had to verify the Kerberos setup after everything was created. The symptoms were the usual: the App Pool service account authenticated to the K2 server using NTLM, so naturally the user credentials weren't delegated, resulting in an Anonymous connection to the K2 server. Everything checked out: SPNs on the K2 Server service account, SPNs on the App Pool account, constrained delegation from the App Pool account to the K2 Server service configured, etc. After much head scratching I discovered a DUPLICATE set of SPNs for the K2 services, which caused Kerberos to break. A service can only run as one account, so creating another set of SPNs for the SAME services on another account is a no-no. The following would be a problem (the fully-qualified host name forms of the SPNs are omitted here):

ServiceAccount1 SPNs:
    K2Server/SERVERA:5252
    K2HostServer/SERVERA:5555

ServiceAccount2 SPNs:
    K2Server/SERVERA:5252
    K2HostServer/SERVERA:5555

Delete the SPNs for ServiceAccount2 and you're good to go.
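A quick way to catch this class of problem before it costs a day of head scratching is to look for any SPN that is registered on more than one account in the domain; the KDC cannot map such a service name to a single account, so clients fall back to NTLM exactly as described above. The built-in check is setspn -X. The script below is an added example, not part of the original post or the K2 product: it queries the domain with an ADSI DirectorySearcher (no ActiveDirectory module needed), indexes every servicePrincipalName value case-insensitively, and reports the ones carried by two or more accounts. It assumes it is run on a domain-joined Windows host with read access to the servicePrincipalName attribute; the function name Find-DuplicateSpn and the search root shown in the comment are my own choices.

```powershell
# Added example (not from the original post): report SPNs registered on more than
# one account, which is the duplicate-SPN condition that breaks Kerberos above.
# Assumes a domain-joined host with rights to read servicePrincipalName.
# Built-in equivalent: setspn -X

function Find-DuplicateSpn {
    param(
        # Optional LDAP search root; empty binds to the current domain's root.
        # Constructed example value: "LDAP://DC=corp,DC=example,DC=com"
        [string]$SearchRoot = ""
    )

    $root = if ($SearchRoot) { [ADSI]$SearchRoot } else { [ADSI]"" }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = "(servicePrincipalName=*)"   # only accounts that carry SPNs
    $searcher.PageSize = 1000                         # paged results for large domains
    [void]$searcher.PropertiesToLoad.Add("sAMAccountName")
    [void]$searcher.PropertiesToLoad.Add("servicePrincipalName")

    # Map each SPN (lower-cased, since SPN matching is case-insensitive)
    # to the list of accounts that have it registered.
    $index = @{}
    foreach ($result in $searcher.FindAll()) {
        $account = [string]$result.Properties["samaccountname"][0]
        foreach ($spn in $result.Properties["serviceprincipalname"]) {
            $key = ([string]$spn).ToLowerInvariant()
            if (-not $index.ContainsKey($key)) {
                $index[$key] = New-Object System.Collections.ArrayList
            }
            [void]$index[$key].Add($account)
        }
    }

    # Emit one object per SPN that appears on more than one account.
    foreach ($key in $index.Keys) {
        if ($index[$key].Count -gt 1) {
            [pscustomobject]@{
                SPN      = $key
                Accounts = ($index[$key] | Sort-Object -Unique) -join ", "
            }
        }
    }
}

# Usage: list every duplicated SPN in the current domain.
Find-DuplicateSpn | Format-Table -AutoSize
```

In the scenario from the post, the output would show K2Server/SERVERA:5252 and K2HostServer/SERVERA:5555 (and their fully-qualified forms) each listed against both ServiceAccount1 and ServiceAccount2, which points straight at the account whose SPNs need to be removed. Running the check after every SPN change, rather than only when delegation stops working, is the cheap habit that avoids this whole exercise.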
