Saturday, May 21, 2011

Using Kernel-Mode with SharePoint 2010 Farm

I will start with this quote from Microsoft: "Kernel Mode Authentication is not supported in SharePoint 2010 Products. This information is provided for informational purposes only."
But Microsoft gave us a workaround for this issue. As you probably know, with Kernel-Mode enabled the Kerberos tickets are decrypted using SPNs that exist on the machine account instead of the custom application pool identity.
What we are going to do is tell IIS to use the application pool identity instead of the machine account when Kernel-Mode is enabled.


What we need to do is very simple: follow this article from Microsoft about adding the useAppPoolCredentials attribute to the ApplicationHost.config file (located at %windir%\system32\inetsrv\config\). Example:

<system.webServer>
   <security>
      <authentication>
         <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
      </authentication>
   </security>
</system.webServer>

I tested this workaround on a testing environment (Tier 1 - 2 WFE servers with NLB, 2nd tier - Application Server, 3rd tier - SQL server) and it works perfectly. If you have more information about issues with this workaround, please share with us, thanks.
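
To check which scopes in a configuration file already carry the workaround, here is an added example (not from the original post or from Microsoft): a PowerShell function that reports, for every windowsAuthentication element, whether kernel mode is paired with useAppPoolCredentials. The function names, the sample config and the site name in it are constructed for illustration, and the IIS schema defaults (enabled off, useKernelMode on, useAppPoolCredentials off) are assumed for missing attributes.

```powershell
# Added example; requires PowerShell 3.0 or later.
# Assumed IIS schema defaults: enabled=false, useKernelMode=true, useAppPoolCredentials=false.
function Get-BoolAttr {
    param([System.Xml.XmlElement]$Element, [string]$Name, [bool]$Default)
    if (-not $Element.HasAttribute($Name)) { return $Default }
    [System.Convert]::ToBoolean($Element.GetAttribute($Name))
}

function Test-KernelModeAuthConfig {
    param([Parameter(Mandatory)][xml]$Config)
    $xpath = '//system.webServer/security/authentication/windowsAuthentication'
    foreach ($node in $Config.SelectNodes($xpath)) {
        # Find the enclosing <location path="..."> scope, if there is one.
        $scope = '(server default)'
        for ($p = $node.ParentNode; $p -is [System.Xml.XmlElement]; $p = $p.ParentNode) {
            if ($p.get_LocalName() -eq 'location') { $scope = $p.GetAttribute('path'); break }
        }
        $enabled = Get-BoolAttr $node 'enabled' $false
        $kernel  = Get-BoolAttr $node 'useKernelMode' $true
        $appPool = Get-BoolAttr $node 'useAppPoolCredentials' $false
        # Inheritance between scopes is not resolved: each element is judged
        # on its own attributes plus the schema defaults. Later lines win.
        $status = 'kernel mode with machine account: check SPNs if the pool uses a custom identity'
        if ($appPool)      { $status = 'kernel mode with app pool credentials (workaround applied)' }
        if (-not $kernel)  { $status = 'user mode: kernel-mode authentication is off' }
        if (-not $enabled) { $status = 'Windows authentication disabled' }
        [pscustomobject]@{ Scope = $scope; KernelMode = $kernel
                           AppPoolCredentials = $appPool; Status = $status }
    }
}

# Constructed sample; for the real file use:
#   [xml](Get-Content "$env:windir\system32\inetsrv\config\applicationHost.config")
$sample = @'
<configuration>
  <system.webServer><security><authentication>
    <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
  <location path="Example Site">
    <system.webServer><security><authentication>
      <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@
Test-KernelModeAuthConfig -Config $sample | Format-List
```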
