Setting up Kerberos authentication in Lync Server 2013

 

Topic Last Modified: 2013-02-21

Lync Server 2013 supports NTLM and Kerberos authentication for Web Services. Office Communications Server 2007 and Office Communications Server 2007 R2 used the default RTCComponentService and RTCService as the user accounts to run the Web Services application pools, allowing for a service principal name (SPN) to be assigned to the user accounts and to act as the authentication principal. Lync Server uses NetworkService to run Web Services and NetworkService cannot have SPNs assigned to it.

To solve the issue of not having Active Directory objects to hold the SPNs, Lync Server Control Panel can use computer account objects for this purpose. The computer account objects can hold the SPNs and are not subject to password expiration, which was an issue with using user accounts in previous versions.

You use Windows PowerShell cmdlets to configure the computer objects to provide Kerberos authentication.

In This Section

• Prerequisites for enabling Kerberos authentication in Lync Server 2013

• Create a Kerberos authentication account in Lync Server 2013

• Assign a Kerberos authentication account to a site in Lync Server 2013

• Setting up Kerberos authentication account passwords in Lync Server 2013

• In Lync Server 2013 add Kerberos authentication to other sites

• In Lync Server 2013 remove Kerberos authentication from a site

• Testing and reporting the status and assignment of Kerberos authentication in Lync Server 2013