System Center Operations Manager 2007 R2 Service Level Dashboard Deployment Guide

Microsoft Corporation

Published: March 2011

Author

Matthew J. Goedtel

Feedback

Send suggestions and comments about this document to mgoedtel@microsoft.com. Please include the document name with your feedback.


Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

 

Revision History

Release Date: April , 2011
Changes: Original release of this guide


Contents

Introduction
Deployment Scenarios
Requirements
Service Level Dashboard
WSS 3.0 SP2
IIS 7.0 Server Role
SQL Server Configuration
Manually Creating Windows SharePoint Services 3.0 Databases
Required accounts
WSS 3.0 Deployment overview
Install Windows SharePoint Services in a Server Farm Environment
Run the SharePoint Products and Technologies Configuration Wizard
Configure Windows Firewall with Advanced Security
Add the SharePoint Central Administration Web site to the list of trusted sites
Configure proxy server settings to bypass the proxy server for local addresses
Register Service Principal Names (SPNs)
Configure trust for delegation for Web parts
Modifying DCOM Permissions for the IIS WAMREG Admin Service
Install Operations Manager Service Level Dashboard
Install the Service Level Dashboard
Grant User Permissions to the Site
Configure Default Appearance of the Dashboard
Create Additional Service Level Dashboard Sites
To create a Service Level Dashboard site
Troubleshooting
Creating Service Level Objectives
Scenario 1: Creating a Service Level Dashboard for a Distributed Application
Scenario 2: Creating a Service Level Dashboard for a Group
Scenario 3: Creating a Service Level Dashboard for an IT Service
Viewing the Service Level Dashboard
SLD Web Parts
Parameters
Service Levels
Service Level Targets
Service Level Objectives
Components Description
Uptime and Downtime Calculations
Worst Performing Service Level Objective
Appendix - Reference Information
Windows SharePoint Services 3.0
Service Level Dashboard for Operations Manager 2007 R2
Operations Manager 2007 R2
Microsoft Operations Framework 4.0


Introduction

The Service Level Dashboard for System Center Operations Manager 2007 R2 addresses the need that managers, application owners, and IT professionals have to make sure that their resources (applications and systems) are available and performing at acceptable levels.  It does this by tracking, reporting, and helping to manage service levels for line-of-business (LOB) applications and IT services.  Most organizations have a number of LOB applications that are managed by IT and used by one or more business groups.  The work that these applications perform is often business-critical.  IT and the primary user of the application customarily seek to ensure that an application’s performance and availability meet requirements by putting in place a service level agreement (SLA).  The SLA governs a range of service aspects of applications that can include everything from outage response time to expected response time of a transaction executed.

In order to determine that a service level commitment is being met, IT and business users must be able to monitor service levels.

The Service Level Dashboard (SLD) meets the need of organizations to track service levels not only for an application, but also for an application as a service, a group, or a class of object. It identifies any shortfalls between service goals and actual performance, thereby enabling organizations to accurately measure and view, in near real time, Service Level Objectives (SLOs) for business-critical applications or groups of objects within Microsoft® System Center Operations Manager 2007 R2. This means that organizations are aware of problems as soon as they appear and can track their relative business impact. The Service Level Dashboard also helps IT to proactively fix problems in services before service levels are breached.

This document provides deployment guidance for installing and configuring the System Center Operations Manager 2007 R2 Service Level Dashboard, including guidance on installing and configuring Windows SharePoint Services 3.0 (WSS) within your environment.  It is not intended to replace existing documentation released by Microsoft for the architecture planning and deployment of Windows SharePoint Services 3.0. 


Deployment Scenarios

The Service Level Dashboard can be deployed in several different configurations.  It can be deployed onto an existing Windows SharePoint Services 3.0 standalone computer or server farm, a new installation of Windows SharePoint Services 3.0 on a standalone computer or server farm, or a new or existing Office SharePoint Services 2007 farm.  This document covers the deployment of a new Windows SharePoint Services 3.0 server farm topology dedicated to the Service Level Dashboard, for customers who do not have experience with Windows SharePoint Services 3.0.  The server farm topology is the most flexible because it gives you the option to use SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2 to host the WSS databases, and to expand beyond one web front-end server to provide redundancy and load balancing.

In addition, there are options to consider for the deployment of the WSS and SLD SQL databases, which are:

  1. Installing SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2 locally on the Windows server that will be deployed to support a WSS 3.0 single or multi-server farm topology and the Service Level Dashboard.  This scenario is typically utilized if there are security, performance, or support concerns regarding the hosting of these databases on an existing SQL Server database farm.  This scenario also supports the deployment of the databases on a dedicated cluster to support high-availability requirements.
  2. Deploying the WSS and SLD database on the SQL Server hosting the Operations Manager Data Warehouse database.  Due to the minimal read/write activity of these databases, co-locating these databases with the Operations Manager Data Warehouse database is an appropriate deployment scenario.  Ensure adequate storage space is available on the volume hosting the OperationsManagerDW database and the WSS/SLD databases to support future growth. 
  3. Deploying the SLD and WSS databases on a shared SQL server hosting databases for other applications.  This scenario is typically utilized if there are no security, performance, or supportability concerns.

Windows SharePoint Services supports a standalone server or a server farm configuration.  A standalone configuration is useful if you want to evaluate Windows SharePoint Services 3.0 features and capabilities, such as collaboration, document management, and search. The standalone configuration uses the Windows Internal Database to host the WSS configuration and content databases.  Deploy in a server farm environment if you are hosting a large number of sites, if you want the best possible performance, or if you want the scalability of a multi-tier topology.  A server farm consists of one or more servers dedicated to running the Windows SharePoint Services 3.0 application and uses SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2 to host the WSS configuration and content databases.  There is no direct upgrade from a standalone installation to a server farm installation.


This document recommends implementing the server farm configuration as it allows you to easily expand the solution if performance and availability are important business or IT requirements.

Note:

This document does not provide guidance on configuring complex configuration scenarios such as installing additional web front-end servers to support load-balancing.  For detailed guidance on deploying additional web front-end servers, please review the WSS 3.0 Deployment Guide, which you can download from http://go.microsoft.com/fwlink/?LinkID=79602.


Requirements

Service Level Dashboard

Service Level Dashboard 2.0 integrates with an already functioning deployment of Operations Manager 2007 R2. It is assumed that Operations Manager 2007 R2 and the Data Warehouse database are configured in accordance with Microsoft installation and configuration guidance.

The following table lists software requirements for the Service Level Dashboard:

 

Infrastructure: Software

Resource:

·      Operations Manager 2007 R2 with Reporting and Data Warehouse
·      Windows SharePoint Services 3.0 SP2 x64.  Download link - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9fb41e51-cb03-4b47-b89a-396786492cba&DisplayLang=en
·      SQL Server 2008 R2.
       Note   Typically, WSS and MOSS installations install SQL Server Embedded Edition, which does not meet the Service Level Dashboard requirement to create the SLD content database.
·      Microsoft .NET Framework 3.5

Infrastructure: Browser

Resource:

·      Microsoft Internet Explorer 7.0 or greater

Table 1 - Software Requirements

WSS 3.0 SP2

This information applies to Microsoft Windows Server 2008 and Windows Server 2008 R2, and SQL Server 2008 and SQL 2008 R2. 

As of Windows SharePoint Services 3.0 with Service Pack 1 (SP1), you can now install Windows SharePoint Services 3.0 on Windows Server 2008. With the release of Windows SharePoint Services 3.0 with Service Pack 2 (SP2), you can now install on Windows Server 2008 x64 and Windows Server 2008 R2. 

 

As with the Windows Server 2003 operating system, you must download and run Setup and the SharePoint Products and Technologies Configuration Wizard. You cannot install Windows SharePoint Services 3.0 without the appropriate service packs on Windows Server 2008 or Windows Server 2008 R2.

Important:

The following components are required for Windows SharePoint Services 3.0 to run correctly: the Web Server role, and the Microsoft .NET Framework 3.5 for Windows Server 2008, or .NET Framework 3.51 for Windows Server 2008 R2.  Do not uninstall them, or Windows SharePoint Services 3.0 will cease to run. 

IIS 7.0 Server Role

Before you install and configure Windows SharePoint Services 3.0, you must install and configure Internet Information Services so your computer acts as a Web server.

  1. Log on to the Windows Server 2008 or Windows Server 2008 R2 server with an account that has administrative rights.
  2. Configure a server role and enable ASP.NET and IIS.  To do this, perform the following steps:
    1. Click Start, and then click Server Manager.
    2. In Server Manager, right-click Manage Roles, and then click Add roles.  The Add Roles Wizard starts.
    3. In the Add Roles Wizard, click Select Server Roles.
    4. On the Select Server Roles page, select the Web Server (IIS) check box, and then click Next.

Note:  The Add Roles Wizard displays a dialog box indicating the following required features must also be installed in support of the Web Server (IIS) role:

·      Windows Process Activation Service
·      Process Model
·      Configuration APIs

    5. On the Role Services page, expand Common HTTP Features, and then select the following check boxes:

·      Static Content
·      Default Document
·      Directory Browsing
·      HTTP Errors
·      HTTP Redirection

    6. Expand Application Development, and then select the ASP.NET check box.

Note:  The Add Roles Wizard will display a dialog box indicating the following required features must also be installed in support of ASP.NET:

·      Web Server Application Deployment:
·      ISAPI Extensions
·      ISAPI Filters
·      .NET Extensibility
·      Windows Process Activation Service
·      .NET Environment

    7. Expand Security, and then select the Windows Authentication check box.
    8. Expand Performance, and then select the Dynamic Content Compression check box.
    9. Expand Management Tools, expand IIS 6 Management Capability, and select the following check boxes:

·      IIS Metabase Compatibility
·      IIS 6 WMI Compatibility
·      IIS 6 Management Console

    10. Click Next, and then click Install.

SQL Server Configuration

The SQL Server database collation must be case-insensitive, accent-sensitive, Kana-sensitive, and width-sensitive. This ensures file name uniqueness consistent with the Windows operating system.

Only the database component of SQL Server is required in support of this configuration.

Manually Creating Windows SharePoint Services 3.0 Databases

In many IT environments, database creation and management are handled by the database administrator (DBA). Security and other policies might require the DBA to create the databases required by Windows SharePoint Services 3.0. For more information about manually creating the databases, including detailed procedures describing how the DBA can create these databases, see the section Deploy using DBA-Created Databases in the WSS 3.0 Deployment Guide.  


Required accounts

The following table describes the accounts used to configure SQL Server and to install Windows SharePoint Services 3.0.

 

Account: SQL Server Service Account

Purpose: This account is used as the service account for the following SQL Server services:

·      MSSQLSERVER
·      SQLSERVERAGENT

If you are not using the default instance, these services will be shown as:

·      MSSQL$InstanceName
·      SQLAgent$InstanceName

Requirements: SQL Server prompts for this account during SQL Server Setup. You have two options:

·      Assign one of the built-in system accounts (Local System, Network Service, or Local Service) to the logon for the configurable SQL Server services. For more information about these accounts and security considerations, refer to the Setting Up Windows Service Accounts topic (http://go.microsoft.com/fwlink/?LinkId=121664&clcid=0x409) in the SQL Server documentation.
·      Assign a domain user account to the logon for the service. However, if you use this option you must take the additional steps required to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication, which SQL Server uses.

Account: Setup user account

Purpose: The Setup user account is used to run the following:

·      Setup on each server
·      The SharePoint Products and Technologies Configuration Wizard
·      The PSConfig command-line tool
·      The Stsadm command-line tool

Requirements:

·      Domain user account
·      Member of the Administrators group on each server on which Setup is run
·      SQL Server login on the computer running SQL Server
·      Member of the following SQL Server security roles:
·      securityadmin fixed server role
·      dbcreator fixed server role

If you run Stsadm command-line tool commands that read from or write to a database, this account must be a member of the db_owner fixed database role for the database.

Account: Server farm account/Database access account

Purpose: The Server farm account is used to:

·      Act as the application pool identity for the SharePoint Central Administration application pool.
·      Run the Windows SharePoint Services Timer service.

Requirements:

·      Domain user account.

Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm.

This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles:

·      dbcreator fixed server role
·      securityadmin fixed server role
·      db_owner fixed database role for all databases in the server farm

Account: Operations Manager Service Level Dashboard Application Pool Identity

Purpose: The Service Level Dashboard installation sets this user credential for the application pool in IIS.

Requirements:

·      Domain user account

Additional permissions are automatically granted for this account on the Web servers that are joined to a server farm.

This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles:

·      SLDReader role on the Operations Manager Data Warehouse database
·      db_owner fixed database role for the SLDSession and WSS_Content databases

Table 2 - Required Security Accounts


WSS 3.0 Deployment overview

Important:

This article discusses how to perform a clean installation of Windows SharePoint Services 3.0 in a server farm environment. It does not cover upgrading from previous releases of Windows SharePoint Services 3.0 or from previous releases of Windows SharePoint Services. For more information about upgrading from a previous release of Windows SharePoint Services, see Upgrading to Windows SharePoint Services 3.0 in the Windows SharePoint Services 3.0 Deployment Guide.

Note:

This article does not cover installing Windows SharePoint Services 3.0 on a single computer as a standalone installation.

Install Windows SharePoint Services in a Server Farm Environment

  1. From the installation source, run Setup.exe.
  2. On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.
  3. On the Choose the installation you want page, click Advanced.
  4. On the Server Type tab, click Web Front End.
  5. Optionally, to install Windows SharePoint Services 3.0 at a custom location, select the Data Location tab, and then type the location name or Browse to the location.
  6. When you have chosen the correct options, click Install Now.
  7. When Setup finishes, a dialog box appears that prompts you to complete the configuration of your server.  Be sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected.
  8. Click Close to start the configuration wizard. Instructions for completing the wizard are provided in the next set of steps.

Run the SharePoint Products and Technologies Configuration Wizard

After Setup finishes, you can use the SharePoint Products and Technologies Configuration Wizard to configure Windows SharePoint Services 3.0. The configuration wizard automates several configuration tasks, including: installing and configuring the configuration database, installing Windows SharePoint Services 3.0 services, and creating the Central Administration Web site. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard.

  1. On the Welcome to SharePoint Products and Technologies page, click Next.
  2. Click Yes in the dialog box that notifies you that some services might need to be restarted during configuration.
  3. On the Connect to a server farm page, click No, I want to create a new server farm, and then click Next.
  4. On the Specify Configuration Database Settings page, in the Database server box, type the name of the SQL Server and an instance name if the default instance is not used.  Enter it in the format <servername\instance>.
  5. In the Database name box leave the default name SharePoint_Config.
  6. In the User name box, type the user name of the server farm account. (Be sure to type the user name in the format DOMAIN\username.)

Important:

This account is the server farm account and is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. The user account that you specify as the service account must be a domain user account, but it does not need to be a member of any specific security group on your Web servers or your back-end database servers. We recommend that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your Web servers or your back-end servers.

  7. In the Password box, type the user account password, and then click Next.

  8. On the Configure SharePoint Central Administration Web Application page, select the Specify port number check box and type a port number if you want the SharePoint Central Administration Web application to use a specific port, or leave the Specify port number check box cleared if you do not care which port number the SharePoint Central Administration Web application uses.

  9. On the Configure SharePoint Central Administration Web Application dialog box, do one of the following:

·      If you want to use NTLM authentication (the default), click Next.

·      If you want to use Kerberos authentication, click Negotiate (Kerberos), and then click Next.

Note:

In most cases, you should use the default setting (NTLM). Use Negotiate (Kerberos) only if Kerberos authentication is supported in your environment. Using the Negotiate (Kerberos) option requires you to configure a Service Principal Name (SPN) for the domain user account. To do this, you must be a member of the Domain Admins group. For more information, see the sections Register Service Principal Names (SPNs) and Configure trust for delegation for Web parts.

  10. On the Completing the SharePoint Products and Technologies Configuration Wizard page, click Next.
  11. On the Configuration Successful page, click Finish.

The SharePoint Central Administration Web site home page opens.

Note:

If you are prompted for your user name and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Instructions for configuring these settings are provided in the next set of steps.

Note:

If a proxy server error message appears, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring this setting are provided later in this section.

Configure Windows Firewall with Advanced Security

After you create Web applications in your server farm, you must use Windows Firewall with Advanced Security in Windows Server 2008 to open ports on computers that host Web Applications. 

By default, port 80 is open on Web servers, but to be able to communicate with other computers you must open the port for Central Administration. You must also open the ports for any additional Web applications that you create in your server farm.

The default configuration of the Windows Server 2008 firewall is to deny all connections unless there is an exception. Make sure you create the exceptions for the currently enabled profile (Private, Public, or Domain) when you are making changes to ports. If you create the exceptions in the wrong profile they will not work.

Note:

If you configure host headers in IIS, the ports for the Web Applications will be created on port 80 and you may not have to perform the procedures in this section. If, however, you use the host header mode in Windows SharePoint Services 3.0 to create multiple domain-named sites in a single Web application you will need to perform the procedures in this section to determine which ports the Web applications, including Central Administration, will use in your server farm.

Determine ports used by Web Applications

1.   Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration. 

2.   On the Central Administration site, click Application Management. 

3.   On the Application Management Web page, in the SharePoint Web Application Management section, click Web application list.

4.   On the Web Application List Web page, in the URL column, the server name with port number is listed for each Web application.

You should use Windows Firewall with Advanced Security to open the ports required for your server farm as identified in the Determine ports used by Web Applications procedure.

For ease in managing the rules, we recommend that you create one rule per Web application. Alternatively, for more centralized rule management you can create one rule to manage all the ports.

For Web applications you only need to create a rule to open a port for incoming connections.

Configure Windows Firewall with Advanced Security

1.   Click Start, point to All Programs, point to Administrative Tools, and then click Windows Firewall with Advanced Security.

2.   On the details pane, in the Overview section, verify that the domain profile is active by noting if the domain network location entry displays Domain Profile is Active.

3.   In the Domain Profile is Active area, depending on how the inbound connections rule is configured, choose one of these options.

·      If it is Inbound connections that do not match a rule are allowed, then you do not need to complete this procedure.

·      If it is Inbound connections that do not match a rule are blocked, then you must proceed to the next step in this procedure to configure the firewall to allow Windows SharePoint Services 3.0 traffic.

4.   On the console tree, select Inbound Rules, and then in the action pane click New Rule.

5.   Complete the New Inbound Rule Wizard using the settings from the following table.

 

Wizard page: Rule Type
Settings: Select Port.

Wizard page: Protocol and Ports
Settings: Select TCP. Select Specific local ports. In the Specific local ports text box, identify all the ports that you need.

Wizard page: Action
Settings: Select Allow the connection.

Wizard page: Profile
Settings: Enable Domain. Clear Private and Public.

Wizard page: Name
Settings: In the Name and Description text boxes type information that is both descriptive and meaningful for your network administrators. As a best practice, we recommend that you give the firewall rules a unique name. Unique names make management using the netsh commands much easier.

For more information about Windows Firewall with Advanced Security, see Windows Firewall (http://go.microsoft.com/fwlink/?LinkID=84639).
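
The wizard settings above can also be applied from an elevated PowerShell prompt by calling netsh, one rule per Web application as recommended. This is an added example, not part of the original guide; the rule names and port numbers are constructed placeholders to be replaced with the ports listed in the Web application list.

```powershell
# Added example, not part of the original guide. Run from an elevated prompt.
# Rule names and port numbers are constructed placeholders; use the ports shown
# under Application Management > Web application list. Names avoid spaces so
# they pass through to netsh without extra quoting.
$webApps = @(
    @{ Name = 'WSS-CentralAdmin';          Port = 20000 },
    @{ Name = 'WSS-ServiceLevelDashboard'; Port = 51918 }
)

function Test-DomainProfileActive {
    # The rules below are scoped to the Domain profile, so they have no effect
    # when another profile is the active one. Matches English netsh output.
    $current = netsh advfirewall show currentprofile
    return [bool]($current -match '^Domain Profile')
}

function Get-RuleName($app) {
    # Unique, descriptive name: application plus protocol and port.
    return "$($app.Name)-TCP$($app.Port)"
}

function Add-WebAppRule($app) {
    if ($app.Port -lt 1 -or $app.Port -gt 65535) {
        throw "Invalid TCP port for $($app.Name): $($app.Port)"
    }
    $ruleName = Get-RuleName $app

    # 'show rule' exits with a non-zero code when no rule has this name.
    netsh advfirewall firewall show rule name=$ruleName | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Rule $ruleName already exists; skipping."
        return
    }

    # Rule Type = Port, Protocol = TCP, Action = Allow, Profile = Domain only,
    # inbound direction only (Web applications need no outbound rule).
    netsh advfirewall firewall add rule name=$ruleName dir=in action=allow protocol=TCP localport=$($app.Port) profile=domain
    if ($LASTEXITCODE -ne 0) {
        throw "netsh could not create rule $ruleName"
    }
}

if (-not (Test-DomainProfileActive)) {
    Write-Warning 'The Domain profile is not the active profile; Domain-scoped rules will not apply.'
}

foreach ($app in $webApps) {
    Add-WebAppRule $app
}

# Show what was created so the ports and profile can be reviewed.
foreach ($app in $webApps) {
    netsh advfirewall firewall show rule name=$(Get-RuleName $app)
}
```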

Add the SharePoint Central Administration Web site to the list of trusted sites

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted sites, and then click Sites.
  3. Clear the Require server verification (https:) for all sites in this zone check box.
  4. In the Add this Web site to the zone box, type the URL for the SharePoint Central Administration Web site, and then click Add.
  5. Click Close to close the Trusted sites dialog box.
  6. Click OK to close the Internet Options dialog box.

Configure proxy server settings to bypass the proxy server for local addresses

  1. In Internet Explorer, on the Tools menu, click Internet Options.
  2. On the Connections tab, in the Local Area Network (LAN) settings section, click LAN Settings.
  3. In the Automatic configuration section, clear the Automatically detect settings check box.
  4. In the Proxy Server section, select the Use a proxy server for your LAN check box.
  5. Type the address of the proxy server in the Address box.
  6. Type the port number of the proxy server in the Port box.
  7. Select the Bypass proxy server for local addresses check box.
  8. Click OK to close the Local Area Network (LAN) Settings dialog box.
  9. Click OK to close the Internet Options dialog box.

Register Service Principal Names (SPNs)

Because the application pool identity for Windows SharePoint Services is a domain user account, you must configure an SPN for that account. To configure an SPN for the domain user account, follow these steps:

Use the Setspn.exe tool to add an SPN for the domain account. To do this, follow these steps:

  1. Type the following line at the command prompt, and then press ENTER:

     Setspn -A HTTP/FQDN ServerName Domain\UserName

     Note:  In this command, ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of the domain, and UserName is the name of the domain user account.

  2. Type the following line at the command prompt, and then press ENTER:

     Setspn -A HTTP/NETBIOS ServerName Domain\UserName

     Note:  In this command, ServerName is the NETBIOS name of the server, Domain is the name of the domain, and UserName is the name of the domain user account.

Configure trust for delegation for Web parts

To configure the IIS server to be trusted for delegation, follow these steps:

  1. Start Active Directory Users and Computers.
  2. In the left pane, click Computers.  If the computer object is hosted in a user-defined OU, select the applicable OU.
  3. In the right pane, right-click the name of the WSS server hosting the Web Server (IIS) Role, and then click Properties.
  4. Click the Delegation tab, select the radio button Trust this computer for delegation to any service (Kerberos only), and then click OK.
  5. Quit Active Directory Users and Computers.

If the application pool identity is configured to use a domain user account, the user account must be trusted for delegation before you can use Kerberos authentication. To configure the domain account to be trusted for delegation, follow these steps:

  1. On the domain controller, start Active Directory Users and Computers.
  2. In the left pane, click Users.  If the account is hosted in a user-defined OU, select the applicable OU.
  3. In the right pane, right-click the name of the user account that is the application pool identity for Windows SharePoint Services, and then click Properties.
  4. Click the Delegation tab, select the radio button Trust this computer for delegation to any service (Kerberos only), and then click OK.
  5. Quit Active Directory Users and Computers.

If Kerberos authentication is configured correctly, when you launch the SharePoint Central Administration Web site and are prompted for authentication, the site should present the administration page successfully. Otherwise, open Event Viewer and look in the System event log for Event ID 4 from source Security-Kerberos to begin troubleshooting.
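The SPN registrations and delegation settings from the two preceding sections can be checked in the directory before you test the site. The following script is an added example, not part of the original guide; the server names and account name are placeholders, and it assumes the computer account's sAMAccountName is the NetBIOS name followed by $.

```powershell
# Added example. The three values below are placeholders (assumptions).
$serverFqdn    = 'wss01.corp.example'  # FQDN used in the first Setspn command
$serverNetbios = 'WSS01'               # NetBIOS name used in the second Setspn command
$poolAccount   = 'svc-wsspool'         # sAMAccountName of the application pool identity
$TRUSTED_FOR_DELEGATION = 0x80000      # userAccountControl bit set on the Delegation tab

function New-Result($check, $status, $detail) {
    New-Object PSObject -Property @{ Check = $check; Status = $status; Detail = $detail }
}

$results = @()

# 1. Each HTTP SPN must be registered exactly once, on the application pool account.
#    [adsisearcher] searches the current domain with the caller's credentials.
foreach ($spn in "HTTP/$serverFqdn", "HTTP/$serverNetbios") {
    $owners = @(([adsisearcher]"(servicePrincipalName=$spn)").FindAll() |
                ForEach-Object { [string]$_.Properties['samaccountname'][0] })
    if     ($owners.Count -eq 0)         { $status = 'MISSING' }
    elseif ($owners.Count -gt 1)         { $status = 'DUPLICATE' }
    elseif ($owners[0] -ne $poolAccount) { $status = 'WRONG ACCOUNT' }
    else                                 { $status = 'OK' }
    $results += New-Result $spn $status ($owners -join ', ')
}

# 2. The WSS computer account and the pool account must both carry the delegation flag.
#    Assumes the computer's sAMAccountName is its NetBIOS name followed by '$'.
foreach ($sam in "$serverNetbios`$", $poolAccount) {
    $entry = ([adsisearcher]"(sAMAccountName=$sam)").FindOne()
    if (-not $entry) { $status = 'NOT FOUND' }
    elseif ([int]$entry.Properties['useraccountcontrol'][0] -band $TRUSTED_FOR_DELEGATION) { $status = 'OK' }
    else { $status = 'NOT TRUSTED' }
    $results += New-Result "Delegation: $sam" $status ''
}

$results | Format-Table Check, Status, Detail -AutoSize

# 3. Recent Event ID 4 entries from Security-Kerberos in the local System log.
Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'; Id = 4
    } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message
```

A DUPLICATE or WRONG ACCOUNT result means an HTTP SPN is held by an account other than the application pool identity. The same 0x80000 filter, run without a name, lists every account in the domain that is trusted for delegation to any service.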

Modifying DCOM Permissions for the IIS WAMREG Admin Service

When running Windows Server 2008 R2, Event ID 10016 DCOM error 61738644-F196-11D0-9953-00C04FD919C1 related to the IIS-WAMREG Admin Service may be written in the Application Event Log.  To correct this, please perform the following steps:

  1. Open Registry Editor from an elevated command prompt.
  2. Navigate to HKCR\AppID\{61738644-F196-11D0-9953-00C04FD919C1}.
  3. Right-click on the key and select Permissions.
  4. In the Permissions dialog box, press the Advanced button.
  5. In the Advanced Security Settings for dialog box, highlight the local Administrators group under the Change owner to list, click on the check box for the option Replace owner on subcontainers and objects, and click OK.
  6. In the Permissions dialog box, select the Administrators group in the Group or user name list, and under the Permission for list, click the Full Control check box to select.
  7. Click OK and then close the Registry Editor.
  8. Open the Component Services MMC snap-in under the Administrative Tools start menu folder.
  9. In the console tree, right-click the DCOM application IIS WAMREG Admin Service, and then click Properties.
  10. Click the Security tab.
  11. Under