Setting up Kerberos authentication in Lync Server 2013
Topic Last Modified: 2013-02-21
Lync Server 2013 supports NTLM and Kerberos authentication for Web Services. Office Communications Server 2007 and Office Communications Server 2007 R2 used the default RTCComponentService and RTCService as the user accounts to run the Web Services application pools, allowing for a service principal name (SPN) to be assigned to the user accounts and to act as the authentication principal. Lync Server uses NetworkService to run Web Services and NetworkService cannot have SPNs assigned to it.
To solve the issue of not having Active Directory objects to hold the SPNs, Lync Server Control Panel can use computer account objects for this purpose. The computer account objects can hold the SPNs and are not subject to password expiration, which was an issue with using user accounts in previous versions.
You use Windows PowerShell cmdlets to configure the computer objects to provide Kerberos authentication.
In This Section
Prerequisites for enabling Kerberos authentication in Lync Server 2013
Create a Kerberos authentication account in Lync Server 2013
Assign a Kerberos authentication account to a site in Lync Server 2013
Setting up Kerberos authentication account passwords in Lync Server 2013
In Lync Server 2013 add Kerberos authentication to other sites
In Lync Server 2013 remove Kerberos authentication from a site
Testing and reporting the status and assignment of Kerberos authentication in Lync Server 2013