Tag: Windows Server 2008
Service principal names, kerberos, IIS 7.0 and error 401: The requested resource requires user authentication
by mysticslayer on Aug.07, 2010, under Internet Information Services, SharePoint 2010, Software, Windows Server 2008
The last couple of days I was working at a customer where Kerberos was needed for SharePoint 2010. Of course I started to set the different Service Principal Names for my App Pool accounts, farm accounts, machines, etc. Not to hard to do it, but I ran everytime in a 401 error: The requsted resources requires user authentication.
Strange I thought, but yet I sended the Domain Administrator more commando’s and it didn’t help. So I checked everything, checked for duplicates, etc. Still I ran into these errors.
After some search I found out that there are some problems with IIS 7.0 regarding Kerberos, and I needed to configure the applicationHost.config to solve these issues with Kerberos. enabled the kernel activation mode, etc. But, it didn’t make any difference, rebooted several times, removed the Kernel Activation Mode and removed again the changed on the applicationHost.config.
I knew that we’ve made C-Name records and it gave me a wonderfull idea to change the C-Name records to A records. These changes where applied, and wow, in less time as expected I opened IE and opened the different web apps. In less then a second the page was displayed from my web app. When you run in these problems, change your C-Name record to A-record and it will fix all your problems with SPN’s, Kerberos and IIS 7.0
Windows Server 2008 R2 with WSS 3.0 Error 10016: DCOM IIS WAMReg admin service
by mysticslayer on Feb.20, 2010, under MOSS, Software, Windows Server 2008, WSS
Well it was the first time I did a deployment of WSS 3.0 on Windows Server 2008 R2 at a customer… the installation went very well I could say but yet I found out that I had a strange DCOM error. Not the DCOM error I would suspect…
Type: Error
Source: DCOM
Category: None
Event ID: 10016
Description:
The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user DomainName\UserName SID {61738644-F196-11D0-9953-00C04FD919C1}. This security permission can be modified using the Component Services administration tool.
So after searching on BING.com I found out that this has the do with the DCOM IIS WAMReg admin service. Normally you would say that this has to do with the location activation of the DCOM service. But when I found out that the DCOM service couldn’t be changed I had to figure out that I had to change some settings. I knew that you can activitate the DCOM service, but Microsoft had to change this DCOM service with the new release of Windows Server 2008 R2. On BING I found out that someone had this error.
So check the blog of Wictor Wilen It saves you a lot of time to figure it out.