420 Bad Extension - Bad SIP Protocol Extension used, not understood by the server.417 Uknown Resource-Priority - There was a resource-priority option tag, but no Resource-Priority header.416 Unsupported URI Scheme - Request-URI is unknown to the server.415 Unsupported Media Type - Request body is in a non-supported format.414 Request URI Too Long - Server refuses to service the request, the Req-URI is longer than the server can interpret.413 Request Entity Too Large - Request body too large.412 Conditional Request Failed - The given precondition has not been met.411 Length Required - The server will not accept the request without a valid content length (deprecated).410 Gone - The user existed once but is not available here any more.409 Conflict - User already registered (deprecated).408 Request Timeout - Couldn't find the user in time.407 Proxy Authentication Required - The request requires user authentication.406 Not Acceptable - The resource is only capable of generating responses with unacceptable content.405 Method Not Allowed - The method specified in the Request-Line is understood, but not allowed.404 Not Found - The server has definitive information that the user does not exist at the (User not found).403 Forbidden - The server understood the request, but is refusing to fulfil it.402 Payment Required - (Reserved for future use).This response is issued by UASs and registrars. 401 Unauthorized - The request requires user authentication.400 Bad Request - The request could not be understood due to malformed syntax.Self-managed (Private cloud - On-premise).Checking this box enables Kerberos on the Web Browser, which is a requirement. Make sure the "Enable Integrated Windows Authentication" box is checked on all of your clients.Make sure you see an SPN for HTTP\YOURALIAS under the sharepoint service account in AD.Make sure you see an SPN for HTTP\MACHINENAME under the sharepoint service account in AD.If you're runnning your sharepoint site under an alias, you will need to set a Service Principal Name for that alias as well, because IE7 has a bug in it where it requests tickets for the wrong SPNs intermittently. If you see that people are being granted access using NTLM, that probably means (I'd say 80% of the time) that you need to define a Service Principal Name for Sharepoint.
In there, you should see that all of your users are being authenticated using "Kerberos", not "NTLMSSP". Go to the Sharepoint server under the Security event log.
NTLM does not mean "Integrated Windows Authentication". That means you should NOT be using NTLM at all - you should be using Kerberos.
0 kommentar(er)
