SPN - If HTTP, do I need to add all these URLs?
Posted on 2010-08-18
I have a 2-node 2003 cluster of IIS6 and this web application. The cluster is built, but I get periodic reports that authentication is not working. So I send them to the server name rather than the VIP name and all is well.
After some research, I find that I need to run setspn and add in all the URLs for this web app. I think this is true, but I find that the Metadata.xml file is forcing them to use NTLM. I thought that the SPNs are only to be set for all URLs if Kerberos was the authentication type.
Please help me; we are having an office discussion about this and I am being told that I do not need this.
If this is not it, how can I troubleshoot the fact that IE is not always passing the credentials when using the VIP address rather than the URL to an individual server?