Quantcast
Channel: Technical guides by Gsec.se » Kerberos
Viewing all articles
Browse latest Browse all 3

Lync Server 2013 with Kerberos Authentication

0
0

The other day i had to enable my Lync Environment for Kerberos Authentication. I was going to use KCD and had a LoadBalancer involved and there for i had to configure an account to be run instead of doing the usual delegation to the computer accounts.

I found information about this on TechNet, this is kind of the same as running the RollAlternateServiceAccount script on an Exchange server.

http://technet.microsoft.com/en-us/library/gg398734.aspx

I started with creating the account to be used, this uses a Computer account instead of a service account.

New-CsKerberosAccount -UserAccount “GSEC\LyncKerbAuth” -ContainerDN “OU=Lync,OU=Service Accounts,OU=Users,DC=gsec,DC=se”

Next i need to assign the account to my Lync site. First i check the name of the site by running

Get-CsSite

Then i run the following command

New-CsKerberosAccountAssignment -UserAccount “GSEC\LyncKerbAuth” -Identity “site:Gsec”

After this is done you need to run

Enable-CsTopology

Now it’s time to set a password for the account

Set-CsKerberosAccountPassword -UserAccount “GSEC\LyncKerbAuth”

To verify that this works run

Test-CsKerberosAccountAssignment -Identity “site:Gsec” -Report “c:\logs\FileName.htm” -Verbose

It will create an HTLM file with the details

Now i need to set the SPN for the account

Setspn -S http/lyncweb LyncKerbAuth

Setspn -S http/lyncweb.gsec.se LyncKerbAuth

Now all the settings are done and you can publish Lync with KCD and a loadbalancer without having problems with the SPN.

 



Viewing all articles
Browse latest Browse all 3

Latest Images

Trending Articles





Latest Images