How to prevent SharePoint always prompts for login credentials?

SharePoint always promptsfor login credentials and there are several blogs already covered the common issues as listed below.

• Internet Explorer SecuritySettings
• User account with nopermission to the SharePoint
• Access SharePoint usinga fully qualified domain name without a proxy server on Vista server

 

When we upgrade out SharePoint from 2010 to 2013, we constantly run into issue that SharePoint 2013 always prompts for login credentials. The cause is not related to any of the issues listed above. Since we are follow up best practice using multiple system accounts on SharePoint 2013 upgrade, we found the most common root cause for the issue is spn is not set up on AD for the SharePoint system account. Here is the way to identify whether you have such issue.

Use the following command line to display the SharePoint system account whether it has the spn configured in AD.

setspn –l domain\SPAccount

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\harryc>setspn -l na\spdev1

Registered ServicePrincipalNames for CN=spdev1,OU=CORP,OU=Service Accounts,DC=na,DC=domain,DC=com:

        http/sharepointdev13.qualcomm.com

        http/sharepointdev13

        http/spwebserver1.na.domain.com

        http/spwebserver2.na.domain.com

What you should look are the following several things.

1. Does SharePoint AAM all listed in the spn? If not, include all AAM in the spn
2. Does other accounts have the same spn configured to SharePoint? If so, you should remove them and leave only one account associate with the SharePoint URL
3. Does the IISReset done on each WFE? If not, IISReset on all WFEs to force SPN propogate to SharePoint servers

If you have the correct spn configured for SharePoint system account, there is high chance users will be able to login to SharePoint after enter user name and password no more than ONE time.