Troubleshooting Kerberos delegation for Monitoring Server

Duplicate SPNs can prevent Kerberos from functioning correctly. To determine if you have duplicate SPNs, run the Setspn command-line tool with the following syntax:

setspn –l <servername>

To remove a duplicate SPN, run the Setspn command-line tool with the following syntax:

setspn –d <SPN>

For example:

Setspn –d http/servername.domain.com account

For more examples of using the Setspn command-line tool, see Setspn Examples (https://technet.microsoft.com/en-us/library/cc755413.aspx).

If a "You do not have permission to view this data" message appears when you try to view dashboard elements in Windows SharePoint Services, check the "Properties" tab of the report view and the associated data source to make sure that the user or group who will be viewing the report through Windows SharePoint Services has Reader permissions on both. If the data source is connecting to a back-end server such as SQL Server or Analysis Services, make sure that the user whose permissions are being delegated has permission to view the data.

For information about configuring Kerberos with Microsoft Office SharePoint Server 2007, see Configure Kerberos authentication (Office SharePoint Server).

If you want to specify a Web site by its port, the service principal name (SPN) needs to reflect that. This issue can be addressed by making a registry modification on the computer running Internet Explorer 6.0.

For more information, see the following article in the Microsoft Knowledge Base: Internet Explorer 6 cannot use the Kerberos authentication protocol to connect to a Web site that uses a non-standard port on Windows XP, Windows Server 2003 or Windows Vista (https://go.microsoft.com/fwlink/?LinkId=99681).

This topic is included in the following downloadable book for easier reading and printing:

• Monitoring Server Deployment Guide for PerformancePoint Server 2007

See the full list of available books at Downloadable content for PerformancePoint Monitoring Server.