Kevin Dente 2005-12-03, 5:52 pm
Sorry for the cross-post - I posted this to inetserver.iis before I realized
there was a special security group.
-------
I've got a Windows Server 2003 box running IIS. I'm trying to use Kerberos
for authentication, so I can use delegation to access a remote server. For
some reason, the server seems to always be using NTLM to authenticate the
client - it never uses Kerberos. At least, that's what the Event Log shows
for the login request (which succeeds, it just isn't delegatable). I've
followed all of the documented steps for configuring a machine for
delegation. I've also Googled like crazy, and haven't found any resolution.
I've verified that there's a HOST SPN for the machine. I'm using the NetBIOS
name. I've used adsutil.vbs to explicitly set the authentication mode to
Negotiate, NTLM. I've verified that the client is receiving Negotiate in the
HTTP header.
Meanwhile, there's another server that's sitting right next to it that
authenticates the same client with Kerberos just fine. These are both
freshly installed boxes (I've even reinstalled the one that isn't working).
Any idea how I can further diagnose the problem? It's driving me nuts.