kerberos

Hey,

 

That worked! Once we ran the SPN command = "Setspn.exe -A HTTP/infoviewuat.xyz.com userid" then the F5 came into play and things are good. Thanks for the insight.

 

 

Now on to the NEXT issue....HTTPS. We use a reverse proxy server for users from the outside world aka external network to come in via HTTPS. The trouble is, this proxy server is on a different domain (also different forest) than the BusinessObjects servers and the domain our AD groups reside in for Kerberos authentication.

 

 

I'm wondering if this setup can be made to work, or perhaps not if the F5 & BO servers and AD groups reside on a separate domain/forest than the proxy server?

 

 

Perhaps running a similar command on the AD controller like "Setspn.exe -A HTTP/proxyserver.ZYX.COM userid" will help to resolve? Users trying to come in via HTTPS are getting same error message as was getting prior to running the above script which resolved the F5 issue.

 

 

There may be some changes to the BO application required, but our network guy was thinking not because after the users hit the proxy they then get over to our BO servers the same as if they were in house (in theory). This setup works ok in BusinessObjects XIR2, which is our current production, but for that we're using NTLM auth and Trusted Auth, not AD and Kerberos.

 

 

Any ideas? I'm really stuck again as not having HTTPS is a show stopper for our upgrade project.

 

 

Thanks!