Kerberos Delegation Issues
Posted on 2006-05-01
ok, going to try and cover it all.
Have a website under IIS 6.0 running under a service account on port 8080. Integrated authentication is turned on. SPN's are as follows.
These are located on the user service account
Do I need the ports in the SPN?
These are located on the machine account for the server
SQL and SMTPsvc as well, although i notice that the SQL FQDN entry has port 1433 specified
The website is trying to read info from AD. Basic user info, company dept etc. When I do this under basic (enter username and password) it returns the data fine. As soon as I try to get it to do it via integrated it stops returning any data.
I have checked the metabase for the website, it's set to "Negotiate, NTLM"
Anything else i need to look at or any good ways to troubleshoot? Thanks, I've been working on this for weeks now.