André Krijnen

Windows Server 2008

Claims to Windows Token Service (c2wts) problems

by on Aug.12, 2010, under .NET4.0, c2wts, Excel Services, SharePoint 2010, Windows Server 2008

Not alot of people had these issues regarding the Claims to Windows Token Service, but I had some problems with it. For some reason on Windows Server 2008 with Service Pack 2 and all prerequisites installed except voor KB971831-x64 HotFix voor WCF c2wts couldn’t be started. In the event viewer and in the ULS logs I had alot of messages that it takes too long to start te service.

Also when I browsed to the http:///SecurityTokenServiceApplication/SecurityToken.svc I had an internal server error. So I knew that were some problems. I did also knew that I couldn’t install the KB article voor WCF. So I knew that this could cause the issues regarding the c2wts service.

For some reason or another it tries to make a connection to the outside world(internet) from the Service Application in order to get the ssl certificate, but this isn’t possible when you are at a production network of a cliënt. So I checked the config file of the SecurityToken.svc and I found out that there is a .NET framework 4.0 mentioned in it. So I downloaded the .NET Framework 4.0 and installed it on the production servers hosting SharePoint.

After installation it worked without any problems. I don’t know what fixes it, but it okay, because know we can use Excel Services as it should be.

1 Comment more...

Service principal names, kerberos, IIS 7.0 and error 401: The requested resource requires user authentication

by on Aug.07, 2010, under Internet Information Services, SharePoint 2010, Software, Windows Server 2008

The last couple of days I was working at a customer where Kerberos was needed for SharePoint 2010. Of course I started to set the different Service Principal Names for my App Pool accounts, farm accounts, machines, etc. Not to hard to do it, but I ran everytime in a 401 error: The requsted resources requires user authentication.
Strange I thought, but yet I sended the Domain Administrator more commando’s and it didn’t help. So I checked everything, checked for duplicates, etc. Still I ran into these errors.

After some search I found out that there are some problems with IIS 7.0 regarding Kerberos, and I needed to configure the applicationHost.config to solve these issues with Kerberos. enabled the kernel activation mode, etc. But, it didn’t make any difference, rebooted several times, removed the Kernel Activation Mode and removed again the changed on the applicationHost.config.

I knew that we’ve made C-Name records and it gave me a wonderfull idea to change the C-Name records to A records. These changes where applied, and wow, in less time as expected I opened IE and opened the different web apps. In less then a second the page was displayed from my web app. When you run in these problems, change your C-Name record to A-record and it will fix all your problems with SPN’s, Kerberos and IIS 7.0

2 Comments :, , , , , , , , , more...

Windows Server 2008 R2 with WSS 3.0 Error 10016: DCOM IIS WAMReg admin service

by on Feb.20, 2010, under MOSS, Software, Windows Server 2008, WSS

Well it was the first time I did a deployment of WSS 3.0 on Windows Server 2008 R2 at a customer… the installation went very well I could say but yet I found out that I had a strange DCOM error. Not the DCOM error I would suspect…

Type: Error
Source: DCOM
Category: None
Event ID: 10016
The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user DomainName\UserName SID {61738644-F196-11D0-9953-00C04FD919C1}. This security permission can be modified using the Component Services administration tool.

So after searching on I found out that this has the do with the DCOM IIS WAMReg admin service. Normally you would say that this has to do with the location activation of the DCOM service. But when I found out that the DCOM service couldn’t be changed I had to figure out that I had to change some settings. I knew that you can activitate the DCOM service, but Microsoft had to change this DCOM service with the new release of Windows Server 2008 R2. On BING I found out that someone had this error.

So check the blog of Wictor Wilen It saves you a lot of time to figure it out.

2 Comments :, , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!


A few highly recommended websites...