Solved

SharePoint with Kerberos authentication

Posted on 2007-04-11
2
712 Views
Last Modified: 2012-05-05
I am running a MOSS 2007 small farm with two load-balanced WFE servers and one SQL 2005 server. I have set up kerberos authentication
1) selected the kerberos options during install and web application creation
2) registered the SPN for my WFE computers and accounts running my application pools
3) set my WFE computers and application pool accounts as trusted for delegation in AD
4) set up the certificate on my WFEs
5) modified the IIS metabase line <IISWebServer> ...<ntauthentication="ntlm">  to <IISWebServer> ...<ntauthentication="negotiate,ntlm">

However when I go to the security tab in the Event Viewer on my web front end, it still says "NTLM" as the authentication method for many SharePoint events. Could this be correct?

Secondly, each time I open up a browser and navigate to the SharePoint site for the first time, it prompts for a user name and password. Is this the correct behavior for kerberos? Is it not extremely inconvenient for users to be prompted for this each time they open a browser window and navigate to SharePoint? I would like to get rid of ths if possible.
0
Comment
Question by:NGPSoft1
2 Comments
 
LVL 43

Accepted Solution

by:
zephyr_hex (Megan) earned 500 total points
ID: 18891388
as for your second question...
make sure the site is configured in IE as local intranet.
also, under the local intranet options, make sure User Authentication is set to "automatic logon with current username and password"

0
 
LVL 4

Author Comment

by:NGPSoft1
ID: 18891668
Thank you, that worked.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Palo Alto Networks - find the sec zone 3 64
ticket bloat 3 48
Help with preventing downloading a zip file 10 45
Orphaned SIDs on shared folders 3 30
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question