Mike Laurencelle

I'm a SharePoint & Server Systems Administrator for Sears Home Improvement Products, headquartered in sunny Longwood, Florida. My primary functions revolve around SharePoint and Virtualization technologies.

I've been in the IT industry now for about 18 years. For me, IT is more than a job to make a living, more than a career to call my own. It's my passion. I am a self proclaimed geek and have interest in all things technology. I can't imagine being in any other field - I absolutely love what I do.

SharePoint Search & Kerberos


Posted on : 11:47 PM | By : Mike Laurencelle | In : , ,

After recently converting our SharePoint farm's authentication method from NTLM to Kerberos for Excel Services, PerformancePoint, and SSRS Integration among other things in a distributed environment, I found that People Search stopped working. Search for all other content within our content sources, both inside and outside of SharePoint, continued to work just fine. However, when you perform a search within the People Search, no results would be displayed.

To resolve this, I went into Application Management within the Central Administrator and Extended the web app that MySites were on (which is where the search gathers its People info for during an index) and created a new site that was using NTLM authentication instead of Kerberos. Next, I changed our content source in the SSP's Search Settings so that the People Search utilized the new MySite site instead of the normal one that is using Kerberos - sps3://mysite.domain.com:5556 instead of sps3://mysite.domain.com

Run a full crawl and Voila! - People Search started working properly.

To cut down on the possibility that someone would stumble across the new site and utilize it without Kerberos Authentication, I restricted access to this site via an IIS 7 Authorization Rule so that only the SharePoint service accounts are allowed to access that site. I also created a Server Name Mapping in Search Settings so that anything found in mysite.domain.com:5556 would be automatically rewritten as mysite.domain.com so that users won't know the difference.

Share this :

  • Stumble upon
  • twitter

Comments (0)