Monday, January 27, 2014

How to prevent SharePoint always prompts for login credentials?



SharePoint always promptsfor login credentials and there are several blogs already covered the common issues as listed below.



 
When we upgrade out SharePoint from 2010 to 2013, we constantly run into issue that SharePoint 2013 always prompts for login credentials. The cause is not related to any of the issues listed above. Since we are follow up best practice using multiple system accounts on SharePoint 2013 upgrade, we found the most common root cause for the issue is spn is not set up on AD for the SharePoint system account. Here is the way to identify whether you have such issue.

Use the following command line to display the SharePoint system account whether it has the spn configured in AD.

setspn –l domain\SPAccount

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\harryc>setspn -l na\spdev1
Registered ServicePrincipalNames for CN=spdev1,OU=CORP,OU=Service Accounts,DC=na,DC=domain,DC=com:

        http/sharepointdev13.qualcomm.com
        http/sharepointdev13
        http/spwebserver1.na.domain.com
        http/spwebserver2.na.domain.com


What you should look are the following several things.

  1. Does SharePoint AAM all listed in the spn? If not, include all AAM in the spn
  2. Does other accounts have the same spn configured to SharePoint? If so, you should remove them and leave only one account associate with the SharePoint URL
  3. Does the IISReset done on each WFE? If not, IISReset on all WFEs to force SPN propogate to SharePoint servers
If you have the correct spn configured for SharePoint system account, there is high chance users will be able to login to SharePoint after enter user name and password no more than ONE time.

1 comment:

  1. Hi Harry, I have the exact same issue as what you are having. Do I need to assign some SPN settings to the account? I don't quite understand what I need to do.

    Thanks

    ReplyDelete