Synchronize a Kerberos Authentication Account Password to IIS
Topic Last Modified: 2012-04-10
To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group.
In a site, Front End Servers, Standard Edition servers, and Directors can use a Kerberos authentication account for purposes of authenticating requests to the Web Services service. This procedure locates each server running Web Services in a site that has been assigned a Kerberos account and updates the Internet Information Services (IIS) configuration settings to use the Kerberos account. For details, see Set a Kerberos Authentication Account Password on a Server.
Important
You need to perform this procedure again after you add a new Front End Server to an existing site or pool. If you do not, you may be prompted to provide credentials for authentication when communicating with the new server.
To set and configure a Kerberos authentication account password
Log on to a source computer (such as fe01.contoso.com) as a member of RTCUniversalServerAdmins group.
Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.
From the Lync Server Management Shell command line, run the following two commands:
Set-CsKerberosAccountPassword -FromComputer SourceComputer -ToComputer DestinationComputerFor example:
Set-CsKerberosAccountPassword -FromComputer fe01.contoso.com -ToComputer dir01.contoso.comImportant
The name of the source computer and destination computer must be a fully qualified domain (FQDN) name of the server. You cannot use the pool FQDN unless the pool name is the same as the name of the computer that you are using as a source computer or destination computer.
Important
After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.