We have a client that uses IE7 and Windows XP on all their workstations. We are developing an application for them based on SharePoint. Due to the architecture of the solution, Kerberos constrained delegation is required for authentication.
I have created a site collection and extended it to a website with the following security configuration:
From the SharePoint server itself (W2K8R1 with IE8), I can access the site just fine. However, when I try to access it via FQDN using IE7 from a client workstation, I get prompted three times for my user account and then I get this:
And at the same time, the server logs the following to the event log:
The crazy thing about all of this is that if I run this same test from Firefox, I login just fine. However, from looking at the event log, it appears that Firefox is using NTLM and not Kerberos.
This whole thing has me banging my head against the wall. To my knowledge, I have all of the neccessary SPN's created, but I suppose I could have missed one. I would give away 10,000 points for this one if I could, please help!
Thanks in advance.