Hi Paul, Thanks... Once we set the SPN, the auth_schema for farm will be 'Kerberos' but it will only show for the services (app pool) being used for delegation. >From the guide [ Select s.session_id, s.login_name, s.host_name, c.auth_scheme from sys.dm_exec_connections c inner join sys.dm_exec_sessions s on c.session_id = s.session_id
] I mean it will not affect to create future web apps in NTLM mode and not affect the Central Admin. Cheers Ajay On Mon, Feb 11, 2013 at 11:05 AM, Paul Culmsee < [email protected]> wrote: > Hi**** > > ** ** > > You need to register the SPN yes, and then you need to delegate to it from > any account that might access it. That means the claims to windows token > account, service account and web app account.**** > > ** ** > > Regards**** > > ** ** > > Paul**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Ajay > *Sent:* Monday, 11 February 2013 5:56 AM > *To:* ozMOSS > *Subject:* Sp 2010 - Kerberos**** > > ** ** > > Hi Guys,**** > > ** ** > > I have to set up Kerberos for BI stuff like Excel Services, Performance > Point, SSRS and Analysis services**** > > ** ** > > I have downloaded the 246 page guide from Microsoft.. which looks good.*** > * > > ** ** > > I have one quick question... do we need to enable Kerberos for Sql Server > also?**** > > ** ** > > like the following**** > > SetSPN -S MSSQLSVC/MySQLCluster.vmlab.local:1433 vmlab\svcSQL**** > > ** ** > > I think as Sql Server is not delegating credentials than it does not need > to be Kerberos enabled or does it need to be.**** > > ** ** > > Cheers**** > > Ajay**** > > ** ** > > ** ** > > ** ** > > ** ** > > ** ** > > _______________________________________________ > ozmoss mailing list > [email protected] > http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss > >
_______________________________________________ ozmoss mailing list [email protected] http://prdlxvm0001.codify.net/mailman/listinfo/ozmoss
