Skype For Business Mac Kerberos Authentication
Topic Last Modified: 2013-02-21
Method 1: Change the setting manually. Imj on time tv for mac 2017. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab. Select the security zone that includes the STS URL. Typically, this is the Local Intranet zone. Click the Custom level button, and then scroll to the end of the Settings list. This article will help you plug holes that have been exploited for Denial Of Service (DOS) attacks on Skype for Business Servers, by turning off older methods used for authentication, externally, internally, or both, to your network.
Lync Server 2013 supports NTLM and Kerberos authentication for Web Services. Office Communications Server 2007 and Office Communications Server 2007 R2 used the default RTCComponentService and RTCService as the user accounts to run the Web Services application pools, allowing for a service principal name (SPN) to be assigned to the user accounts and to act as the authentication principal. Lync Server uses NetworkService to run Web Services and NetworkService cannot have SPNs assigned to it.
To solve the issue of not having Active Directory objects to hold the SPNs, Lync Server Control Panel can use computer account objects for this purpose. The computer account objects can hold the SPNs and are not subject to password expiration, which was an issue with using user accounts in previous versions.
You use Windows PowerShell cmdlets to configure the computer objects to provide Kerberos authentication.