Usage of ADERPC-SPNs in modern versions of Microsoft Windows Server

Last update: 27 July 2018

Overview

Modern versions of Microsoft Windows Server, from Windows Server 2012 onwards, require the creation of ADERPC SPNs for all Fabasoft Folio Backend Servers.

Details

According to our experience with multiple Fabasoft Folio installations using modern Microsoft Windows Server versions, potentially in combination with modern Windows Domain Functional Levels, newer versions of Microsoft Windows Server require the creation of ADERPC SPNs for all servers that are running Fabasoft Folio COO services.

If these SPNs are missing it is possible for a diverse set of issues to occur, from the inability of clients to login to the Fabasoft Folio Webclient, or problems when trying to open content objects on a client, to the simple editing of objects.

 

The following error messages are indicators that the creation of ADERPC SPNs is required:

  • Cannot login: Network error; error in security package function "InitializeSecurityContext" - errno: -2146892969
  • Cannot login: Object "<COO address>" has been deleted
  • COO Service "<COO service name>" is not available

Creation of SPNs

To create the required ADERPC SPNs you can use the following command, that should be executed once for each Fabasoft Folio backend server, on a Windows AD domain connected server with domain administration privileges:

setspn -A ADERPC/<FQDN of the backend server> <User that is running the COO service>

 

Example:

setspn -A ADERPC/cooservice.egov.example.com addomain\coouser