dbTalk Databases Forums  

AS2005: Can't correctly apply kerberos security on a named instance....

microsoft.public.sqlserver.olap


#1 - Jéjé - 02-01-2006, 04:11 PM

Hi,

I have to set up my AS2005 server to delegate the user for Kerberos access.
I have executed this command:
setspn -A MSOLAPSvc.3/<SERVER>:dev <Domain>\<Account>

where dev is the name of the AS2005 instance,

but in Active Directory I don't see this specific entry in the list of
services for my user account.

Is this the right syntax?

Also, my web server generates another Kerberos error related to the
MSOLAPDisco.3 service, and I have added this service for my account too, but
the error is still here!!!

any guide is required :-)

thanks.

Jerome.



#2 - Joe Kaplan (MVP - ADSI) - 02-02-2006, 12:01 PM

Can you show what the SPNs look like in the directory (as shown by ldp.exe
or something)?

I'm not sure what the MSOLAP service name is supposed to be, but what you
have sounds reasonable. The important thing is to apply the right SPNs to
the right accounts in AD that will actually be running that instance of that
service.

Joe K.

"Jéjé" <willgart_A_ (AT) hotmail_A_ (DOT) com> wrote

Quote:
Hi,

I have to set up my AS2005 server to delegate the user for Kerberos access.
I have executed this command:
setspn -A MSOLAPSvc.3/<SERVER>:dev <Domain>\<Account>

where dev is the name of the AS2005 instance,

but in Active Directory I don't see this specific entry in the list of
services for my user account.

Is this the right syntax?

Also, my web server generates another Kerberos error related to the
MSOLAPDisco.3 service, and I have added this service for my account too,
but the error is still here!!!

any guide is required :-)

thanks.

Jerome.





#3 - Jéjé - 02-02-2006, 02:05 PM

well...

I don't see this SPN in the AD list (the list of SPNs associated with a particular
account doesn't list the :dev instance),
but I can see it using the setspn utility (setspn -l).

Kerberos works fine if I activate the account to trust all services
using Kerberos only.



"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote
in message news:%23E7IsKCKGHA.604 (AT) TK2MSFTNGP14 (DOT) phx.gbl...
Quote:
Can you show what the SPNs look like in the directory (as shown by ldp.exe
or something)?

I'm not sure what the MSOLAP service name is supposed to be, but what you
have sounds reasonable. The important thing is to apply the right SPNs to
the right accounts in AD that will actually be running that instance of
that service.

Joe K.

"Jéjé" <willgart_A_ (AT) hotmail_A_ (DOT) com> wrote in message
news:OIbHDy3JGHA.2248 (AT) TK2MSFTNGP15 (DOT) phx.gbl...
Hi,

I have to set up my AS2005 server to delegate the user for Kerberos
access.
I have executed this command:
setspn -A MSOLAPSvc.3/<SERVER>:dev <Domain>\<Account>

where dev is the name of the AS2005 instance,

but in Active Directory I don't see this specific entry in the list of
services for my user account.

Is this the right syntax?

Also, my web server generates another Kerberos error related to the
MSOLAPDisco.3 service, and I have added this service for my account too,
but the error is still here!!!

any guide is required :-)

thanks.

Jerome.







#4 - Joe Kaplan (MVP - ADSI) - 02-02-2006, 02:42 PM

If you issue an LDAP query against the object in question (whatever the
account's name is) and request the servicePrincipalName attribute, what do
you get?

Joe K.

"Jéjé" <willgart_A_ (AT) hotmail_A_ (DOT) com> wrote

Quote:
well...

I don't see this SPN in the AD list (the list of SPNs associated with a
particular account doesn't list the :dev instance),
but I can see it using the setspn utility (setspn -l).

Kerberos works fine if I activate the account to trust all services
using Kerberos only.



"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan (AT) removethis (DOT) accenture.com> wrote
in message news:%23E7IsKCKGHA.604 (AT) TK2MSFTNGP14 (DOT) phx.gbl...
Can you show what the SPNs look like in the directory (as shown by
ldp.exe or something)?

I'm not sure what the MSOLAP service name is supposed to be, but what you
have sounds reasonable. The important thing is to apply the right SPNs
to the right accounts in AD that will actually be running that instance
of that service.

Joe K.

"Jéjé" <willgart_A_ (AT) hotmail_A_ (DOT) com> wrote in message
news:OIbHDy3JGHA.2248 (AT) TK2MSFTNGP15 (DOT) phx.gbl...
Hi,

I have to set up my AS2005 server to delegate the user for Kerberos
access.
I have executed this command:
setspn -A MSOLAPSvc.3/<SERVER>:dev <Domain>\<Account>

where dev is the name of the AS2005 instance,

but in Active Directory I don't see this specific entry in the list of
services for my user account.

Is this the right syntax?

Also, my web server generates another Kerberos error related to the
MSOLAPDisco.3 service, and I have added this service for my account too,
but the error is still here!!!

any guide is required :-)

thanks.

Jerome.









Reply With Quote
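
The directory check requested in post #4, written out as an added example (not part of the original thread): it reads servicePrincipalName and the delegation settings straight from the account object and looks for the same SPN registered on any other object. The account name `svc-olap` and host `SERVER` are placeholders; only the `MSOLAPSvc.3/<SERVER>:dev` SPN form comes from the thread.

```powershell
# Added example: inspect the SPNs and delegation settings stored on a service account.
# $Account and $Server are placeholders (assumptions), not values from the thread.
param(
    [string]$Account  = 'svc-olap',   # sAMAccountName running the AS2005 instance (placeholder)
    [string]$Server   = 'SERVER',     # host part of the SPN (placeholder)
    [string]$Instance = 'dev'         # named instance, as in the thread
)

$expected = "MSOLAPSvc.3/${Server}:$Instance"

# 1. Read the raw attributes from the account object (same data ldp.exe would show).
$searcher = [adsisearcher]"(sAMAccountName=$Account)"
$searcher.PropertiesToLoad.AddRange([string[]]@(
    'servicePrincipalName', 'userAccountControl', 'msDS-AllowedToDelegateTo'))
$result = $searcher.FindOne()
if (-not $result) { throw "Account '$Account' not found in the current domain" }

# Result property names are lower-case; missing attributes are filtered to empty arrays.
$spns    = @($result.Properties['serviceprincipalname']     | Where-Object { $_ })
$allowed = @($result.Properties['msds-allowedtodelegateto'] | Where-Object { $_ })
$uac     = [int]$result.Properties['useraccountcontrol'][0]

# 2. Report whether the expected SPN is stored and how delegation is configured.
#    0x80000   = TRUSTED_FOR_DELEGATION (trusted for delegation to any service)
#    0x1000000 = TRUSTED_TO_AUTH_FOR_DELEGATION (protocol transition)
[pscustomobject]@{
    Account                 = $Account
    ExpectedSpn             = $expected
    SpnPresent              = $spns -contains $expected   # -contains is case-insensitive
    AllSpns                 = $spns -join '; '
    UnconstrainedDelegation = [bool]($uac -band 0x80000)
    ProtocolTransition      = [bool]($uac -band 0x1000000)
    AllowedToDelegateTo     = $allowed -join '; '
} | Format-List

# 3. An SPN must be unique in the forest; list every object that carries it.
$owners = @(([adsisearcher]"(servicePrincipalName=$expected)").FindAll() |
            ForEach-Object { $_.Path })
if ($owners.Count -gt 1) {
    Write-Warning "Duplicate SPN '$expected' found on:"
    $owners | ForEach-Object { Write-Warning "  $_" }
} elseif ($owners.Count -eq 0) {
    Write-Warning "SPN '$expected' is not registered on any object"
}
```

An empty `AllowedToDelegateTo` together with `UnconstrainedDelegation = True` means the account is trusted for delegation to any service rather than to a specific list of SPNs.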