Setting Up Kerberos Authentication
Topic Last Modified: 2010-11-03
Microsoft Lync Server 2010 supports NTLM and Kerberos authentication for Web Services. Office Communications Server 2007 and Office Communications Server 2007 R2 used the default RTCComponentService and RTCService as the user accounts to run the Web Services application pools, allowing for a service principal name (SPN) to be assigned to the user accounts and to act as the authentication principal. Lync Server uses NetworkService to run Web Services and NetworkService cannot have SPNs assigned to it.
To solve the problem of not having Active Directory objects to hold the SPNs, Lync Server can use computer account objects for this purpose. The computer account objects can hold the SPNs and are not subject to password expiration, which was an issue with using user accounts in previous versions.
You use Windows PowerShell cmdlets to configure the computer objects to provide Kerberos authentication.