Focus on WSSv3/MOSS upgrade…keeping Kerberos in mind


This is my first post in awhile because I have been intently learning and experimenting with WSSv3 and MOSS 2007. I will be focusing on upgrade for awhile. In fact, I am going to put a series of short posts on getting ready for WSSv3/MOSS.


First quick note: If you have followed my earlier advice and are running with Kerberos instead of NTLM for WSSv2/SPS then this is important. Make sure if you choose to perform a gradual upgrade that you have registered your servicePrincipalNames (SPN) for the new URL you will be using during the redirect prior to running setup. Why? It is necessary because clients ask for a ticket based on the URL of the server (or load balancer). Once you start redirecting for the gradual upgrade your tickets will be invalid for the v2 environment.


For example, if your URL is http://SharePoint.Contoso.com for the pre upgrade URL and you choose http://SharePointOld.Contoso.com , then you will need two SPNs. One for v2 redirects URL which will now be http://SharePointOld.Contoso.com and another for v3 which is http://SharePoint.Contoso.com. It is recommended that you use the same Application Pool Identity (account) in v3 that you used in v2. Therefore, you will end up with both SPNs registered on the same account. To sum up:


App Pool Identity= Contoso\SpPoolAcct


Domain= Contoso


Pre upgrade URL for v2= http://SharePoint.Contoso.com


Post upgrade URL for v2 = http://SharePointOld.Contoso.com


Post upgrade URL for v3 = http://SharePoint.Contoso.com


Setspn command to register the new SPN for upgrade= setspn –A http/SharePointOld.Contoso.com contoso\SpPoolAcct


Skip to main content