I am trying to configure BOXI 3.1 for Windows AD logon through .Net InfoView.
I have created a service user: BO_Service_User.
I have run setspn on one of my domain controllers: setspn -A BOBJCentralMS/TR.DOMAIN.COM BO_Service_User
It reported running successfully and I can see it if I run 'setspn -L BO_Service_User'. This command returns: BOBJCentralMS/TR.Domain.com (note: mixed case domain name).
I have entered the SPN into the CMC as: BOBJCentralMS/BO_Service_UseratDOMAIN.COM
I have bcsLogin.conf and krb5.ini in c:\windows (my real Windows directory) and c:\winnt as follows:
[libdefaults]
default_realm = THOROGOOD.COM
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
THOROGOOD.COM = {
    default_domain = DOMAIN.COM
    kdc = ES-DC-01.DOMAIN.COM
}
I have tested Kerberos using: kinit.exe BO_Service_User, and this creates a ticket. (This failed until I manually created the path c:\winnt\ and put bcsLogin.conf and krb5.ini into it.)
My problem is that in the .Net InfoView I get the following message when trying to login:
"Account Information Not Recognized: Kerberos target name BOBJCentralMS/BO_Service_UseratDOMAIN.COM is unknown"
For the service account, do I need to select "Use DES encryption types for this account"?
Do I need to run setspn on each of the domain controllers in a single domain?
Is the fact that the case is different when I run setspn -L important? I have tried deleting the SPN and creating it again but it returns in the same case.
Any suggestions on how I fix this would be appreciated.
Thanks
Al.
Edited by: Julius Bussche on Jan 12, 2009 6:27 PM
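
An added example (not part of the original post and not SAP or Microsoft tooling): a Python check that compares the SPN listed by setspn -L, the value entered in the CMC, and krb5.ini, using the strings exactly as posted above. The function names, the finding labels and the setspn header line are assumptions made for illustration.

```python
# Added example; function names and finding labels are hypothetical.
def parse_setspn_list(output):
    """SPNs from `setspn -L` output: the indented lines containing '/'."""
    return [ln.strip() for ln in output.splitlines()
            if ln[:1].isspace() and "/" in ln]

def parse_krb5(text):
    """Return (libdefaults dict, {realm: {key: [values]}}) from krb5.ini text."""
    libdefaults, realms, section, current = {}, {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            section, current = line.strip("[]").lower(), None
        elif line == "}":
            current = None
        elif "=" in line and not line.startswith(("#", ";")):
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "realms" and value == "{":
                current = realms.setdefault(key, {})  # open a realm block
            elif section == "realms" and current is not None:
                current.setdefault(key, []).append(value)
            elif section == "libdefaults":
                libdefaults[key] = value
    return libdefaults, realms

def check(setspn_output, cmc_spn, krb5_text):
    """Return labels for mismatches between AD, the CMC value and krb5.ini."""
    findings = []
    registered = parse_setspn_list(setspn_output)
    name, _, realm = cmc_spn.partition("@")
    if name not in registered:
        folded = [s.lower() for s in registered]
        findings.append("spn-case-differs" if name.lower() in folded
                        else "spn-not-registered")
    libdefaults, realms = parse_krb5(krb5_text)
    default_realm = libdefaults.get("default_realm")
    if default_realm not in realms:
        findings.append("default-realm-not-in-realms")
    elif not realms[default_realm].get("kdc"):
        findings.append("no-kdc-for-default-realm")
    if realm and realm != default_realm:
        findings.append("spn-realm-differs-from-default-realm")
    return findings

# Values as posted in the question; the setspn header line is constructed.
SETSPN = ("Registered ServicePrincipalNames for CN=BO_Service_User:\n"
          "\tBOBJCentralMS/TR.Domain.com\n")
KRB5 = ("[libdefaults]\ndefault_realm = THOROGOOD.COM\n[realms]\nTHOROGOOD.COM = {\n"
        "default_domain = DOMAIN.COM\nkdc = ES-DC-01.DOMAIN.COM\n}\n")
FINDINGS = check(SETSPN, "BOBJCentralMS/BO_Service_UseratDOMAIN.COM", KRB5)
```

The check only reports where the three strings disagree; it does not contact a domain controller or decide which mismatch causes the logon error.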