Share via


Event ID 6590 (Windows SharePoint Services health model)

Applies To: Windows SharePoint Services 3.0

 

Error

Windows SharePoint Services 3.0 uses the authentication providers that are provided by Microsoft Windows Server 2008, such as Forms authentication or Web Single Sign-On authentication, to authenticate users. When using Kerberos v5 authentication, the service account used by the Internet Information Services (IIS) application pool for your Web application must be registered in Active Directory as a Service Principal Name (SPN) on the domain on which the front-end Web server is a member.

Event Details

Product:

Windows SharePoint Services

ID:

6590

Source:

Windows SharePoint Services 3

Version:

12.0

Symbolic Name:

ULSEvtTag_6590

Message:

The application pool account for Web application %1 must be registered as a Kerberos v5 service provider. Contact a domain administrator.

Diagnose

Windows SharePoint Services 3.0 could not authenticate the user. This error might because by one or more of the following:

  • If using Kerberos v5 authentication, the Web application pool account is not a registered security provider name.

  • If using either Forms or Web Single Sign-On, the authentication provider could not be loaded because no membership provider name was specified.

  • The Web application pool needs to be restarted for changes to be saved.

You must be a member of the SharePoint Administrators group to perform this task.

To determine which authentication type the site is using

  1. In Central Administration, on the left navigation pane, click Application Management.

  2. On the Application Management page, in the Application Security section, click Authentication providers.

  3. On the Authentication Providers page, select the correct Web application for the site from the Web Application drop-down list.

  4. Click the zone for the site from the list.

  5. The authentication type is displayed on the Edit Authentication page, in the IIS Authentication Settings section.

For more information about authentication, see Plan for authentication (https://technet2.microsoft.com/windowsserver/WSS/en/library/cb8409f9-cd8a-4651-b644-250ff6b86c761033.mspx) on TechNet.

Resolve

Cause Resolution

The Web application pool account is not a registered security provider name

Register the application pool account as a service principal name

No membership provider name was specified

Specify membership provider name

Register the application pool account as a service principal name

Contact a domain administrator and ensure that the service account used by the application pool is the registered service principal name for all domains listed with the Web application.

Note

If you do not have a specific need for Kerberos v5 authentication or if you cannot configure the service principal name (SPN), use NTLM authentication instead. If you use Kerberos v5 authentication and cannot configure the SPN, only server administrators will be able to authenticate to the site. To change the authentication type, see the "To change the authentication type to NTLM" procedure.

For more information about configuring Windows SharePoint Services 3.0 to use Kerberos v5 authentication, see the Microsoft Knowledge Base article 832769, How to configure a Windows SharePoint Services virtual server to use Kerberos v5 authentication and how to switch from Kerberos v5 authentication back to NTLM authentication (https://support.microsoft.com/kb/832769/).

You must be a member of the SharePoint Administrators group to perform this task.

To specify change the authentication type to NTLM

  1. In Central Administration, on the left navigation pane, click Application Management.

  2. On the Application Management page, in the Application Security section, click Authentication providers.

  3. On the Authentication Providers page, select the zone for which you want to change authentication settings.

  4. On the Edit Authentication page, in the Authentication Type section, select Windows authentication.

  5. Under Membership Provider Name, type the name in the Membership provider name box.

  6. Under Role Manager Name, type the name in the Role manager name box.

  7. Click Save to save changes.

Specify membership provider name

You must specify the membership provider name, and (optionally) a role manager name for each Web application zone that uses either Web Single Sign-On or Forms authentication. You can use the Edit Authentication page in Central Administration to specify these names or edit them in the Web.config file for each Web application zone.

If the problem persists, see the Windows SharePoint Services 3.0 technology Evaluation and Planning guides on Tech Center for more information about Web Single Sign-On and Forms authentication configuration.

You must be a member of the SharePoint Administrators group to perform these tasks.

To specify membership provider name and a role manager name (Forms or Web single sign-on types only)

  1. In Central Administration, on the left navigation pane, click Application Management.

  2. On the Application Management page, in the Application Security section, click Authentication providers.

  3. On the Authentication Providers page, select the zone for which you want to change authentication settings.

  4. On the Edit Authentication page, in the Authentication Type section, select the Forms or Web single sign-on authentication option. Windows authentication is selected by default.

  5. Under Membership Provider Name, type the name in the Membership provider name box.

  6. Under Role Manager Name, type the name in the Role manager name box.

  7. Click Save to save changes.

To edit authentication settings for a zone

  1. In Central Administration, in the left navigation pane, click Application Management.

  2. On the Application Management home page, in the Application Security section, click Authentication providers.

  3. On the Authentication Providers page, select the zone for which you want to change authentication settings.

  4. On the Edit Authentication page, in the Authentication Type section, select the authentication option. Windows authentication is selected by default.

  5. Under IIS Authentication Settings, select the setting. Integrated Windows authentication - NTLM is selected by default. If you select Negotiate (Kerberos) you must perform additional steps to configure authentication. For more information about configuring Windows SharePoint Services 3.0 to use Kerberos v5 authentication, see the Microsoft Knowledge Base article 832769, How to configure a Windows SharePoint Services virtual server to use Kerberos v5 authentication and how to switch from Kerberos v5 authentication back to NTLM authentication (https://support.microsoft.com/kb/832769/).

  6. Click Save to save changes.

Verify

Try the authentication again.

Authentication (Health model)

Windows SharePoint Services 3.0 health model