Focus on WSSv3/MOSS upgrade…keeping Kerberos in mind

This is my first post in awhile because I have been intently learning and experimenting with WSSv3 and MOSS 2007. I will be focusing on upgrade for awhile. In fact, I am going to put a series of short posts on getting ready for WSSv3/MOSS.

First quick note: If you have followed my earlier advice and are running with Kerberos instead of NTLM for WSSv2/SPS then this is important. Make sure if you choose to perform a gradual upgrade that you have registered your servicePrincipalNames (SPN) for the new URL you will be using during the redirect prior to running setup. Why? It is necessary because clients ask for a ticket based on the URL of the server (or load balancer). Once you start redirecting for the gradual upgrade your tickets will be invalid for the v2 environment.

For example, if your URL is for the pre upgrade URL and you choose , then you will need two SPNs. One for v2 redirects URL which will now be and another for v3 which is It is recommended that you use the same Application Pool Identity (account) in v3 that you used in v2. Therefore, you will end up with both SPNs registered on the same account. To sum up:

App Pool Identity= Contoso\SpPoolAcct

Domain= Contoso

Pre upgrade URL for v2=

Post upgrade URL for v2 =

Post upgrade URL for v3 =

Setspn command to register the new SPN for upgrade= setspn –A http/ contoso\SpPoolAcct