Solved

Can 2 webservers have the same service principal name?

Posted on 2004-08-30
3
426 Views
Last Modified: 2007-12-19
Ok, I set up active directory delegation on my intranet site, and enabled windows authentication.
Users go to the ASP page, and their identity/credentials are passed through to the SQL server.

(logging into the sql server with the users credentials is the critical part here, we have assigned sql level permissions on certain tables)

When users go to the machines website http://cWebNexus2/integratedlogon.asp, everything works like a dream.
(cWebNexus2 is the name of the machine on our active directory network)

But when I go to the outside site name: http://nexus.dealix.com/integratedlogon.asp, it didn’t work at first.
So, I used “setspn -a HOST/nexus.dealix.com” on the CwebNexus2 Webserver to register the nexus.dealix.com name, so delegation will work… and now it does!

My question is, can I do the same thing for the webserver Cwebnexus1 when I bring that machine online next week?

See, nexus.dealix.com is an address that is going to be load balanced between the machines, CWebNexus1 and CWebNexus2, will I be able to use "setspn -a HOST/nexus.dealix.com" to register the domain for both servers?
 
0
Comment
Question by:dealix
  • 2
3 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 11937955
If you are using IIS 6.0 you can load balance servers and use Kerberos authentication, but it does take some steps to set up correctly:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/kerbnlb.mspx

If you are using IIS 5.0 this is not possible:

http://support.microsoft.com/default.aspx?scid=kb;en-us;325608

Any more questions?  ;-)

Dave Dietz
0
 

Author Comment

by:dealix
ID: 11946471
Well, we got windows 2003 on all the servers.. but we are using a F5 Big IP, not the Microsoft load balancing.....
If there is no way to do delegation for nexus.dealix.com without microsoft load balancing, I could push for that... but, is there any way to make this thing work with the F5 Big IP?

Thanks,
Dan
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 500 total points
ID: 11948871
Same instructions.....

NLB is a generalized term in the article and does not specifically apply to WLBS (Windows Load Balancing Services).  The steps should work fine for any load balancing technology I am aware of.

Dave Dietz
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now