After installing MOSS 2007 the administration website works, but the sites create after gives security error. The installation is done using Kerberos option. In order to enable Kerberos for SharePoint is configure Service Principle Names (SPNs) for your SharePoint service accounts in Active Directory. Now the following script is ran to make the website work with Kerberos.
C:\Inetpub\AdminScripts>Cscript adsutil.vbs set w3svc/1720207907/root/NTAuthenticationProviders “Negotiate,NTLM”
This script modify the ‘C:\WINDOWS\system32\inetsrv\metabase.xml’ file. When ran the above script it added double quote twice as show below for that website. So both Kerberos and NTML is disabled.
<IIsWebVirtualDir Location =”/LM/W3SVC/418342199/Root” AccessFlags=”AccessExecute | AccessRead | AccessScript”
AppFriendlyName=”Root”
AppIsolated=”2″
AppPoolId=”SharePoint Central Administration v3″
AppRoot=”/LM/W3SVC/418342199/Root”
AuthFlags=”AuthNTLM”
ContentIndexed=”FALSE”
DoDynamicCompression=”TRUE”
DoStaticCompression=”TRUE”
HttpCustomHeaders=”X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 12.0.0.4518″
NTAuthenticationProviders=””Negotiate,NTLM””
Path=”C:\Inetpub\wwwroot\wss\VirtualDirectories\43578″
Realm=”domain.com.au”
To fix the above issue run the above command without double quote.
C:\Inetpub\AdminScripts>Cscript adsutil.vbs set w3svc/1720207907/root/NTAuthenticationProviders Negotiate,NTLM
Diganta Kumar is an experienced Technical Program Manager with a passion for technology. He has architected and developed software for over a decade for a broad range of industries. Diganta is a founder of two online IT businesses. He likes to help, mentor, and manage software development teams to improve and produce great software. He currently works as a Principal Program Manager for Microsoft. Before joining Microsoft, he was with AWS for five years, where he managed large cross-functional programs on a global scale.
Diganta Kumar's Blog 
Leave a Reply