mobilEcho SharePoint authentication methods and Kerberos configuration
mobilEcho supports SharePoint servers that allow client authentication using NTLMv1, NTLMv2, and Kerberos. If your SharePoint server requires Kerberos authentication, you will need to make an update to the Active Directory computer object for the Windows server or servers that are running the mobilEcho server software. The mobilEcho Windows server needs to be given permission to present delegated credentials to your SharePoint server on behalf of your users.
- In Active Directory Users and Computers, locate the Windows server or servers that you have mobilEcho installed on. They are commonly in the Computers folder.
- Open the Properties window for the Windows server and select the Delegation tab.
- Select “Trust this computer for delegation to specified services only“.
- Select “Use any authentication protocol“, this is required for negotiation with the SharePoint server.
- You must now add any SharePoint servers that you would like your users to be able to access using mobilEcho. If your SharePoint implementation consists of multiple load balanced nodes, you will need to add each SharePoint/Windows node to this list of permitted computers. Click Add… to search for these Windows computers in AD and add them. For each, you will need to select the “http” service type only.
- Please allow 15 to 20 minutes for these change to propagate through AD and be applied before testing client connectivity. They will not take effect immediately.