Topic Last Modified: 2010-11-08

To successfully complete this procedure you should be logged on as a user who is a member of the RTCUniversalServerAdmins group.

You must set up a password on the Kerberos account for each site that has Front End Servers, Standard Edition servers, and Directors. You can set up the password by running the Set-CsKerberosAccountPassword Windows PowerShell cmdlet on one server in the site (for example, one Front End Server). For each site, you must run the Set-CsKerberosAccountPassword cmdlet. The cmdlet configures Internet Information Services (IIS) for the Web Services service, and then sets the password on the computer account in Active Directory Domain Services (AD DS). An alternate method, based on which parameter is used with the cmdlet, configures IIS on one server while using another server that has been configured as the source of the Kerberos account password.

When you use the Set-CsKerberosAccountPassword cmdlet to set a password, Kerberos sets the password to a randomly generated string. This cmdlet contacts all IIS instances in all Lync Server 2010 central sites to which this account is assigned.

To set a password for a Kerberos authentication account

  1. Log on to any domain computer with Lync Server Management Shell installed as a member of the RTCUniversalServerAdmins group.

  2. Start the Lync Server Management Shell: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Management Shell.

  3. From the command line, run the following two commands:

    Copy Code
    Set-CsKerberosAccountPassword -UserAccount "Domain\UserAccount"

    For example:

    Copy Code
    Set-CsKerberosAccountPassword -UserAccount "contoso\KerbAuth"
    You must specify the UserAccount parameter by using the Domain\User format. The User@Domain.extension format is not supported for referencing the computer objects created for Kerberos authentication purposes.
    After making any changes to Kerberos authentication, such as adding an account or removing an account, you must run Enable-CsTopology from the Lync Server Management Shell command prompt.