In short: don't do it to yourself!
Okay, so that's not a realistic solution. But you know what? It is a pain in the butt. Terrible. Teeeeeeerrible. I've spent the last two days battling Kerberos, Active Directory, and NLB trying to figure out what the heck is going on with a test environment I'm building.
So this is what I came away with:
- Setting up Network Load Balancing. This is a great article on how to set up NLB before you set up your SharePoint environment.
- Setting up SharePoint with Kerberos. This is your starting point for configuring SharePoint for Kerberos. It's confusing as heck and creates an inordinate number of domain accounts which I think are totally extraneous, but it's the most extensive document that I found on the subject.
- Enabling Kerberos Logging. You're going to need it.
- Troubleshooting Kerberos/IIS Errors. Good tips on working with Kerberos.
- HTTP 401.1 with Kerberos. This document probably had the most important tip:
Important An SPN for a service can only be associated with one account. Therefore, if you use this suggested resolution, any other application pool that is running under a different domain user account cannot be used with Integrated Windows authentication only.
- Ask The Directory Services Team. A blog with many good posts on Kerberos issues. The Kerberos introduction is useful to start with.
- Wireshark. This will let you watch the Kerberos and DNS traffic which can help surface errors and provide more diagnostic information than the Windows Kerberos event logging alone. You can just trap all traffic on the physical interface and filter using "kerberos".
The tip in KB871179 was particularly useful since this, I think, was what was causing me all this trouble. Be sure that you're not registering an SPN multiple times!
There's a pretty fascinating article over at Portfolio.com by Michael Lewis fittingly titled The End which gives insight into the grimey details of how the collapse of our seemingly infallible financial markets came to be. Contrary to the right-wing nuttery that lays blame on the likes of Fannie Mae, Freddie Mac, and some bullshit idea that minority lending somehow caused all of this, Lewis points the fingers squarely on the greed of Wall Street and the financial corporations that enabled the buildup to the fall.
Eisman knew subprime lenders could be scumbags. What he underestimated was the total unabashed complicity of the upper class of American capitalism. For instance, he knew that the big Wall Street investment banks took huge piles of loans that in and of themselves might be rated BBB, threw them into a trust, carved the trust into tranches, and wound up with 60 percent of the new total being rated AAA.
He called Standard & Poor’s and asked what would happen to default rates if real estate prices fell. The man at S&P couldn’t say; its model for home prices had no ability to accept a negative number. “They were just assuming home prices would keep going up,” Eisman says.
...Wall Street had used these BBB tranches—the worst of the worst—to build yet another tower of bonds: a “particularly egregious” C.D.O. The reason they did this was that the rating agencies, presented with the pile of bonds backed by dubious loans, would pronounce most of them AAA. These bonds could then be sold to investors—pension funds, insurance companies—who were allowed to invest only in highly rated securities. “I cannot fucking believe this is allowed—I must have said that a thousand times in the past two years,” Eisman says.
That’s when Eisman finally got it. Here he’d been making these side bets with Goldman Sachs and Deutsche Bank on the fate of the BBB tranche without fully understanding why those firms were so eager to make the bets. Now he saw. There weren’t enough Americans with shitty credit taking out loans to satisfy investors’ appetite for the end product. The firms used Eisman’s bet to synthesize more of them.
...when Eisman bought a credit-default swap, he enabled Deutsche Bank to create another bond identical in every respect but one to the original. The only difference was that there was no actual homebuyer or borrower. The only assets backing the bonds were the side bets Eisman and others made with firms like Goldman Sachs. Eisman, in effect, was paying to Goldman the interest on a subprime mortgage. In fact, there was no mortgage at all. “They weren’t satisfied getting lots of unqualified borrowers to borrow money to buy a house they couldn’t afford,” Eisman says. “They were creating them out of whole cloth. One hundred times over! That’s why the losses are so much greater than the loans. But that’s when I realized they needed us to keep the machine running. I was like, This is allowed?”
He explained that the rating agencies were morally bankrupt and living in fear of becoming actually bankrupt.
“They fucked people. They built a castle to rip people off. Not once in all these years have I come across a person inside a big Wall Street firm who was having a crisis of conscience.”
...the main effect of turning a partnership into a corporation was to transfer the financial risk to the shareholders. “When things go wrong, it’s their problem,” he said—and obviously not theirs alone. When a Wall Street investment bank screwed up badly enough, its risks became the problem of the U.S. government. “It’s laissez-faire until you get in deep shit,” he said, with a half chuckle. He was out of the game.
The whole article is worth a read.
One of my favorite quotes from the news coverage:
"[Barack Obama] is the first 21st century president."
- Chuck Todd, MSNBC
They did it. They really did it. So often crudely caricatured by others, the American people yesterday stood in the eye of history and made an emphatic choice for change for themselves and the world. Though bombarded by a blizzard of last-minute negative advertising that should shame the Republican party, American voters held their nerve and elected Barack Obama as their new president to succeed George Bush. Elected him, what is more, by a clearer majority than one of those bitter narrow margins that marked the last two elections.
Check out the comments, too.
Truly a beautiful moment. I feel like I have witnessed a historic moment that, unlike 9/11 and the invasion of Iraq, is actually very positive.
I think in many ways it transcends the politics of Democratic/Republican and race. It's a repudiation of the "spend a little time on the dark side" years of Cheney.
As a Brit ex-pat living in the US, I'm finally tempted into exploring citizenship. Hey, maybe there's even a God...?
Congratulations, America, I'm truly in envy of your country right now. Oh to be so politically energised, so motivated, so...ready to do something about the world, and not in a Daily Mail, let's sack all comedians kind of way. Positive energy. I'd almost forgotten humans were capable of it, and I don't say that with any exaggeration.
Worth staying up for.
bloody hell... what a country.. after all these years living here as an ex-pat, 28, I actually want to be an American. It's 10 pm.. the kids stayed up to watch Obama's speech... my teen and i just sat there and let out tears flow.. even my 6 yr was moved to tears....
From Adelaide, South Australia I congratulate all of those who voted for Obama. I'm inspired by this and it's made me reassess my perception of the US. I had tears in my eyes today. A historic day for the US and the rest of the world. Wonderful.
Obama's election gives rise to a depressing thought: his brilliance as a candidate is nowhere to be found in British politics. Our election in whenever is going to be a gloomy event.
Nevertheless, today is a good day. Congratulations America.
Sometimes I wish I was an American, in those moments where they seem to stand apart from us. Their endless optimism and their endless desire for change and movement and history. They make history, where as an English woman I feel I am just you know in it. I don't know that much about life, or what it takes to be a successful adult because well I am just a student, full of that optimism and promise and you know I like to watch Jeremy Kyle. I sat up and watched Obama become the 44th American President, I watched Americans cry and I cried and I believed in him and his words and the fact that really, this is going to have an impact on us all and to say that we are not involved is really fruitless.
For all the bad things people say about American there are moments in there history where the prove they are the greatest country in the world. When you see that the UK may vote for posh Eton toff as our next leader and their are less ethnic MP's in Parliment than the percentage of enthic people in the country, then the UK can no longer claim to be more developed than the USA.
The USA is changing from a fist to brain. Good choice America.
I think the world just let out a huge sigh of relief; we can finally move forward and really move into the 21st century as a leader not by our might, but by the power of our example.
That the election was only about 6 percentage points apart in the popular vote speaks volumes about the general stupidity of a large portion of the population and the movement towards anti-intellectualism over the last 8 years.
But thank goodness that disaster was narrowly averted:
Your eyes do not deceive you: Fox News, of all outlets, piling on Palin and exposing a disaster in the making. Come on, not knowing that Africa is a continent? Not knowing which countries are in NAFTA after claiming bordering Canada and being able to see Russia as foreign policy credentials? Good fucking lord; I'm not religious, but even I am on the verge of thanking the Heavens that she didn't get elected into office and I hope that America never looks back to this brand of politics of idiocy.
Speaking of religion...
In contrast, check out Obama's stance on the topic of religion and policy:
Nuanced, well thought out, and beautifully centrist (as far as religion is concerned).