Cisco Catalyst LACP-based port config for Hyper-V NIC load balancing

NOTE: while I’m still keeping the current posts live as they still seem to help, currently my focus has changed and new activity moved to the new site iternia.be

10 Gbit/s switches are slowly becoming affordable, but I still see scenarios where Hyper-V servers are connected via gigabit. To get enough bandwidth to run a lot of machines, get your SAN storage traffic across and do live migrations, you need link aggregation to reach multi-gigabit speeds.

There are a few mechanisms available in Hyper-V to use multiple NICs for load-balancing or failover scenarios. If your Hyper-V 2012 servers are attached to Cisco switches, then one of the most interesting (IMHO) is the use of LACP and transportports.


Kerberos authentication and delegation: ServicePrincipalNames


SPNs

One of the errors that often recurs when deploying a service is Kerberos authentication failing when another system depends on your service. Dependent users or services try to log on to your service but are not allowed to access it. This is not a problem with the end user but with the rights of the service account under which the service itself is running: the service account doesn't have the right to delegate access or impersonate the end user. About 9 times out of 10 this is caused by improper Kerberos rights due to a faulty SPN (ServicePrincipalName) configuration, and sometimes by the delegation settings on the service account.

First, let's take a look at how SPNs work in theory. An SPN consists of 2 parts:

  • Service type
  • Service name [:service port]
