Granting Database Access for Kerberos

Prerequisites

• These instructions apply only if you are using Kerberos authentication.
• Ensure SetSPN is installed for Windows 2003.

  The SetSPN command line tool is not available on a Windows 2003 Server by default. It is part of Windows Support Tools utility. Windows Support Tools can be installed from the Windows Server 2003 installation CD. For convenience, it is available for download from the following Knowledge Base article from Microsoft: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7911.

  SetSPN is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use setspn, you must run the setspn command from an elevated command prompt.

• Log on to Windows using a Domain Administrator account.

Navigation

• For Windows Server 2003 - Run Start > Programs > Support Tools > Command Prompt to open a command prompt.
• For Windows Server 2008 - Click Start, right-click Command Prompt, and then click Run as administrator.

Instructions

1. Set a fully qualified domain name, friendly name, and DNS name on the AgilePoint Server machine so that any client can access it:
   1. To set the fully qualified domain name, execute the SetSPN command using the following syntax:

      setspn –a http/machinename.domain.com domain\username

      Be sure to include the Domain Name in the command prompt: machinename.domain.com. The machinename refers to the AgilePoint Server machine name.

   2. To set the friendly name, execute the setspn command using the following syntax:

      setspn –a http/machinename domain\username

      If you are unable to access the AgilePoint Server Web service pages from a machine other than the machine where AgilePoint Server is installed (e.g. Client or SharePoint machine). You should follow step a.

   3. To set the DNS Name or Alias used to abstract the physical hardware execute the setspn command using the following syntax:

      setspn –a http/dns domain\username

   4. Verify whether this has been properly set by running the following command:

      setspn –l domain\username

      The result should list http/machinename.domain.com.