.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

What Domain Account should be used for C2WTS in SharePoint 2010?

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :SharePoint

I have installed a brand new farm, Sharepoint 2010 Standard on Windows 2008 R2.  I've configured Kerberos for SQL and SharePoint (verified that Kerberos is working with SQL and SharePoint Central Administration).  This is the start of our company's SharePoint experience (full-blown anyways, I've used WSS 2.0 and played with 3.0 in the past).

The TechNet documentation suggests that if this is a new SharePoint farm, to use Claims-Based Authentication from the start on Web Applications.  It's also suggested to use a domain account to run the C2WTS service.

My question is what domain account should be used for the C2WTS service?  I've already got many service accounts for different parts of SharePoint, and I wasn't sure if the C2WTS needed a special account as well, since there needs to be SPNs set on it.  Can I just use an existing account, and make sure the delegations are set right, or do I need to create a new account for just the C2WTS service?

View Complete Post

More Related Resource Links

Failed to change Farm Account in Sharepoint 2010 server, now Central Administration is not accessibl

Hello, I have a problem, that I no longer can access Central Administration Website, only the Sharepoint itself. I was running installation of Sharepoint 2010 Server with administrative account ImTheAdmin, who is a Domain Admin in the domain on one of the Windows 2008 R2 member servers. Besides that, I made ImTheAdmin the primary administrator of the Sharepoint. ImTheAdmin became the only user of this Sharepoint 2010 server after installation.  I installed everything on one box with default installation settings. I used builtin SQL server, not Standard or Enterprise. What then happened is: Using ImTheAdmin account, I opened Central Administration Website, and it said, that I need to change the Farm Account, for the account for Farm was the default one (I think it was network service). So I created a regular domain user MYDOMAIN\SharepointFarmAccount. The account name was too long to be as a Windows 2000 name, so it showed there without last 't', e.g. MYDOMAIN\SharepointFarmAccoun. I thought, Windows 2000 is long gone, so I didn't pay much attention, I think everywhere the account SID is important. I don't know if that is the real problem with my failure later, but it might be one of the reasons. I put MYDOMAIN\SharepointFarmAccount down in to the form of Central Administration Website, added the check mark, that it would react to password changes, and pre

Can't view the SharePoint Site. Explorer won't take domain account

Hi, I'm having issues viewing the SharePoint 2010 Site that I have deployed from any workstation. It seems that my permissions settings have broken - even though I haven't touched them. Whenever http://start/ is visited (the Intranet top site) it asks for credentials. They should have been taken from the User that was logged onto the machine. E.g. NATWIDE\UserA. After entering the credentials, it doesn't accept them, and asks for them again. And again. And then blank page. I'm not receiving the SharePoint "restricted access" page... HOWEVER, when I log into the website via Mozilla Firefox - it appears that the credentials are fine, and it works according to the permissions set for the site from within SharePoint. Does anyone have any idea why this would be happening. I'm completely stumped and I can't find a similar issue anywhere else. I have installed a Stand-alone installation of SharePoint 2010 Server Enterprise on Server 2008. The account that installed the SharePoint server and is a FARM Administrator, can't even log in to view the page. Cheers, Stu. I do not think much of a man who is not wiser today than he was yesterday. - Abraham Lincoln

Same server farm administrator domain account for both Intranet and Internet Sharepoint site?

Hello,   We are planning to setup 2 streams of architecture for both Intranet and Internet web sites. Just wondering whether there is any best practices/security concerns if we are using the same domain account as the Server Farm Administrator for both Intranet and Internet platform?   Thanks,

How to change the System Account into Domain Administrator account in Sharepoint?

I'm attaching the captured image from the Central Admin of our Sharepoint Server. (http://www.experts-exchange.com/images/346242/Central-Admin.jpg) As you can see from the Central Admin image, the user account shown is "System Account", in whereas I logged in as our Domain Administrator. Then when you check it's info from My Settings, the details from the captured image System Account Info was shown. ( http://www.experts-exchange.com/images/346243/System-Account-Info.jpg) How can I change it as be DOMAIN\Administrator & not SHAREPOINT\system or System Account? Please advise...  

Sharepoint 2010 Web Server/Domain Controller ratio

Is this number the same 3:1 as it was in with Sharepoint 2007?

Logon to SharePoint 2010 requires \. Why?

We've installed a fairly large number of small SharePoint 2007 environments. All of these have had their own Active Directory, specified to <domainname>.local. These have been accessible from Internet, and have simply had a external DNS pointingwww.<domain>.com to the server.  In these SharePoint 2007 environments we've used Windows Authentication, and logging on has simply been a procedure of specifying username and password. It has worked just fine. However, in our first SharePoint 2010 environment, we're encountering odd problems. We use here NTLM authentication, and  domain name is <domain>.local. The domain name used in Internet iswww.<domain>.com, which points to the SharePoint 2010 environments frontend server. We'd like to login to the SharePoint environment with simple <username> and password, but it fails. We have to explicitely specify <domain>\<username> and then password to login. Why doesn't this work, and is there any relatively easy way to fix this without disturbing the environment? From logon attempts using simply username, these events appear in the Security event log: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 7.5.2010 13:15:01 Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: <COMPUTER>.<

Creating local user account in Sharepoint 2010



I need to create a few account in Sharepoint 2010 that don't belong to the active directory import. I have logged on to the Sharepoint server and created the accounts and expected them to appear when I went to Site Settings and then people and groups and searched for the account names.

I did the same in 2007 and these still appear as the machinename/username.

Is there something I don't know about?


Sharepoint Search Server Express 2008 can not index external domain fileshare with valid account


Since i have understood that sharepoint 2008 search express doesn't do any security trimming i am trying to index an external fileshare (on a non trusted domain) with it. After authenticating with the external domain account I can manually access all the files in that share i need to. Sharepoint 2008 search express somehow is unable to use the crawl rule in which i specified a different content access account (which is the external domain account).It continuously gives the error "Access is denied. Check that the Default Content Access Account has access to this content, or add a crawl rule to crawl this content."

Exactly the same configuration works fine with sharepoint search server 2010, but that does do security trimming and because of the share being completely external my users could't see any search results.

Any suggestions?

Search in SharePoint 2010 does not show results for all users other than the timer service account


I have setup a new SharePoint 2010 setup. Created Search Service application and configured. Confirmed that the crawl went fine without any error for both Local site and a file share. In the Search application i confirmed that the All Site scope shows 3890 items.

ISSUE: If any of the user [including site collection administrator] browses the site and try to search something it does NOT show result [No error either it says We did not find any results for .....]. All Site scopes does not show 3890 items but only 28.

But if the timer service account [system account] logs in the site and does the search it works fine.With this account loggd in if i check the All Site scopes i do see 3890 items.

This does seems to be some thing to do with the permission, but i am not able to get hint where the mistake is.

I have done the follow till now.

> I checked the application association is correct
> Created a new web application and confirmed that the issue exists there as well
> Checked ULS log but dont see any error related to this.
> No relavent event id in Application event viewer

Please help

Regards Ram

Sharepoint 2010 Register Managed Account


I newly created an AD Domain user account.  I'd like to add it in Sharepoint 2010 Managed Accounts.  However, I got this error:

The specified user domain\user could not be found. Some or all identity references could not be translated.

I check on Activie Directory Users and Computers.  This account is there for sure.

How do I add this user account to managed accounts, so, I'll be able to use it for Application Pool.

Thank you!!


Moving sharepoint 2010 to a new domain


I have a sharepoint 2010 multi server environment (2 wfe, 1 app server, 1 DB, 1 FAST server) that I need to move to another AD domain.

The OldDomain is our Internal network, while the NewDomain is for external access. The NewDomain does trust the OldDomain.

I currently have all the services and web app pools running as accounts in OldDomain and would like them to stay that way. There is a one-way trust between the domains (NewDomain trusts OldDomain)

The only users currently setup are in OldDomain and should also remain, but we will be adding users from NewDomain.

  • Can I simply change the domain member ship of the machines and expect it to work?
  • Should I remove each server from the farm one by one then change the domain and re-add it to the farm?
  • Can/should SharePoint servers be in different domains, IE if I move the web front ends to allow people form the Newdomain to access the sites, can/should I leave the app and fast servers in the old domain?

The main thing that I cannot do is build a new farm and migrate sites, I don't have the time or the hardware.

Thank you

Change domain AD + upgrade Sharepoint 2007->2010 = window with a request login/password


New installation of Sharepoint 2010 in Domain_A domain. I added a content database WSS_content2007 from Sharepoint 2007 (from domain Domain_B). I didn't run the command stsadm -migrateuser. New accounts from domain Domain_A were manually added to SharePoint 2010. In table Userinfo on WSS_Content2007 on Sharepoint 2010 are accounts from both domains. Old domain Domain_B was deleted.
Users get a window with a request re-enter your username and password from time to time.
What should I do? Can I delete the account from the domain Domain_B with stsadm command? Should the column tp_title contain unique records for the same user and the same site?


How to configure external domain mapping to SharePoint 2010 portal



I have created a SharePoint 2010 portal and I'm trying to configure external host header (www.xyz.com) to it. I bought www.xyz.com from provider where it was mapped to static IP address on the SharePoint server.

I tried the following options in SharePoint Admin and none of them worked.

       ·         Added xyz.com address in lmhosts and hosts files

Changing AD domain name and keep SharePoint 2010 settings



I currently have a single server with SharePoint  which is inside the aaa.org domain. Due to business requirements they need to change the domain to bbb.org. The main problem that I have is that I need to replace the aaa.org domain which is basically stop it completely and start the bbb.org domain and migrate all users to this domain.

All the settings in SharePoint when installing it, I used users from the aaa.org domain can I change this before the bbb.org domain goes live? What would be the easiest way to "migrate" the users in SharePoint to point to the new domain? 

Thank you very much. I don't have too much experience with SharePoint and I need to have a better idea on it before I change anything else.



Short Overview of SharePoint Features in Visual Studio 2010

As you probably know, Visual Studio 2010 was announced earlier this week and it contains a lot of cool features and project templates for SharePoint developers. Below is a short overview for some of the SharePoint development related features and project templates.

How to get more information about the exceptions that can happen in SharePoint 2010 projects?

In case there is an exception anywhere in the SharePoint 2010 project (most common place an exception would happen is during deployment of your SharePoint project, custom deployment configuration or custom deployment steps), there's a registry key EnableDiagnostics available for you to use.

InfoPath 2010 cannot connect to SharePoint 2010

You have installed Office 2010 beta and you are trying to connect to SharePoint 2010 from InfoPath but you get an error
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend