SharePoint 2010: How to Put Central Administration in Kerberos Authentication

Remove Existing Central Administration site

Before you start, your environment should already be configured for Kerberos authentication. I am only showing you how to configure your Central Administration site for Kerberos. Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard


Stop the services, leave “Do NOT disconnect from this server farm” selected and click Next. Finally, select “Yes, I want to remove the web site from this machine” and click Next.

Recreate Central Administration site with Kerberos authentication

 

Navigate to Start Menu > All Programs > Microsoft Office Server > SharePoint Products & Technologies Configuration Wizard


Leave “Do NOT disconnect from this server farm” selected and click Next.

If asked, indicate that this server should host the Central Administration web application and click Next. Check the checkbox next to “Specify port number” and enter a port number of 11660. Select the Negotiate (Kerberos) authentication provider.

Finally, update the Alternate Access Mapping for the Central Administration site and set it to a user-friendly name, like http://centraladmin:11660. Then execute the SetSPN command with the highest administrator privileges.

  • Setspn.exe -A HTTP/centraladmin spdev\administrator (site name || service application account)
  • Setspn.exe -A HTTP/centraladmin.spdev.local spdev\administrator (site FQDN || service application account)
  • Setspn.exe -A HTTP/srv-sql-01.spdev.local spdev\administrator (SQL server || service application account)
  • Setspn.exe -A HTTP/srv-app-01.spdev.local spdev\administrator (application server || service application account)
  • Setspn.exe -A HTTP/srv-fe-01.spdev.local spdev\administrator (web front end || service application account)
  • Setspn.exe -A HTTP/srv-dc-01.spdev.local spdev\administrator (domain controller || service application account)

If you have other servers, add them to the list. Also, for Kerberos authentication, do not forget to add your site to the "Local intranet" sites.
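
A way to register and then verify the SPNs listed above, as an added PowerShell example that is not part of the original article. It uses the account and host names from the list, and swaps `-A` for `setspn -S`, which checks the domain for an existing registration of the SPN before adding it. Run it from an elevated prompt on a domain-joined server.

```powershell
# Added example, not from the original article.
# Account and SPNs are the ones used in the article's setspn list.
$account = 'spdev\administrator'
$spns = @(
    'HTTP/centraladmin',
    'HTTP/centraladmin.spdev.local',
    'HTTP/srv-sql-01.spdev.local',
    'HTTP/srv-app-01.spdev.local',
    'HTTP/srv-fe-01.spdev.local',
    'HTTP/srv-dc-01.spdev.local'
)

foreach ($spn in $spns) {
    # -S verifies that no duplicate of this SPN exists before adding it.
    # A duplicate SPN on a second account breaks Kerberos for that service,
    # and clients then fall back to NTLM or fail to authenticate.
    Write-Host "Registering $spn on $account"
    & setspn.exe -S $spn $account
}

# List what is actually registered on the account and compare it
# with the intended set (-notcontains is case-insensitive).
$registered = & setspn.exe -L $account | ForEach-Object { $_.Trim() }
$missing = $spns | Where-Object { $registered -notcontains $_ }

if ($missing) {
    Write-Warning "Not registered on ${account}: $($missing -join ', ')"
} else {
    Write-Host "All $($spns.Count) SPNs are registered on $account"
}

# Search for duplicate SPNs; any hit for the names above
# has to be removed from the wrong account (setspn -D).
& setspn.exe -X

# After browsing to http://centraladmin:11660 from a client, list the
# cached tickets there. An HTTP/centraladmin entry means Kerberos was
# used; no entry means the browser negotiated NTLM instead.
& klist.exe | Select-String -Pattern 'HTTP/centraladmin'
```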