Blackberry SWD-20120924140022907 - page 316

2. In Microsoft Active Directory, in the Microsoft Active Directory account properties, if the Delegation tab does not

display, update the default HOST SPN registrations for the Microsoft Active Directory account.

3. In the Microsoft Active Directory account properties, on the Delegation tab, configure the following settings:

• trust this user for delegation to specified services only

• use any authentication protocol

4. Click Add.

5. Perform one of the following tasks:

• If a pool of application servers hosts the intranet site and the pool is running on Microsoft IIS and is located behind

a load-balancer, select the user account that runs the application pools in the Microsoft IIS servers.

• If the intranet site is hosted by one application server, select the application server that hosts the intranet site.

• Verify that you configured Integrated Windows authentication for the file server that hosts the shared folders.

• Verify that you have permission to update the Microsoft Active Directory account in Microsoft Active Directory.

• Verify that you have access to the Windows Server setspn tool that is included with the Windows Server Support Tools.

For more information about the setspn tool, visit http://technet.microsoft.com to read Setspn Overview.

• If you did not configure a Microsoft Active Directory account to delegate access to an intranet site or shared folder, in

Microsoft Active Directory, you must create a Microsoft Active Directory account that should have the following

• the password meets the security requirements of your organization