I have been blessed to take over an old application that is now giving me a headache as part of hardening measures.
Function of the Perl application: query Active Directory groups for the currently NTLM-authenticated user and display certain links depending on the assigned AD groups.
The Problem:
The Perl application is the only application running on the server, so only one (the default) website is configured in IIS.
Accordingly, the website has an AppPool that runs with an AD service user as its identity (since the application must communicate with AD, the AppPoolIdentity was out of the question).
This setup works as long as the service user is in the local Administrators group. As soon as I remove it from there, the calls fail with a 401 error:
No credentials are available in the security package (0x8009030e)
In all likelihood it is something simple and stupid that I just can't figure out... The error itself doesn't point to many solutions, unfortunately.
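Added example, not part of the original post: a PowerShell script that reads the pieces of configuration the question describes (which account the AppPool runs as, whether that account is in the local Administrators and IIS_IUSRS groups, and the site's authentication settings) so that the two states (service user in Administrators vs. removed) can be compared side by side. The site name "Default Web Site" and the "DOMAIN\user" form of the service account name are assumptions; adjust them to the real values. It reports only; it changes nothing.

```powershell
# Added diagnostic (not from the original post). Run elevated on the IIS host.
# Assumption: the only site is "Default Web Site"; change $siteName if not.
Import-Module WebAdministration

$siteName = 'Default Web Site'                               # assumption
$poolName = (Get-Item "IIS:\Sites\$siteName").applicationPool
$pool     = Get-Item "IIS:\AppPools\$poolName"

# Identity the worker process runs as. A custom AD account shows up as
# identityType = SpecificUser and userName = DOMAIN\account.
$identityType = $pool.processModel.identityType
$userName     = $pool.processModel.userName                  # assumed DOMAIN\user form
"AppPool '$poolName': identityType=$identityType userName=$userName"

# Local group membership of the service account. After hardening, Administrators
# should be False; IIS_IUSRS is the local group IIS uses for worker-process accounts.
foreach ($group in 'Administrators', 'IIS_IUSRS') {
    $members = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty Name
    "$userName in local '$group': $($members -contains $userName)"
}

# Authentication settings on the site. useKernelMode / useAppPoolCredentials decide
# whether kernel-mode Windows auth uses the machine account or the AppPool account.
$authPath = '/system.webServer/security/authentication'
$psPath   = "IIS:\Sites\$siteName"
foreach ($item in @(
    @{ Section = 'anonymousAuthentication'; Name = 'enabled' },
    @{ Section = 'windowsAuthentication';   Name = 'enabled' },
    @{ Section = 'windowsAuthentication';   Name = 'useKernelMode' },
    @{ Section = 'windowsAuthentication';   Name = 'useAppPoolCredentials' }
)) {
    $v = Get-WebConfigurationProperty -PSPath $psPath `
            -Filter "$authPath/$($item.Section)" -Name $item.Name
    "$($item.Section).$($item.Name) = $($v.Value)"
}

# Configured Windows auth providers (NTLM, Negotiate), in order.
$providers = Get-WebConfiguration -PSPath $psPath `
                -Filter "$authPath/windowsAuthentication/providers/add" |
             Select-Object -ExpandProperty value
"windowsAuthentication providers: $($providers -join ', ')"
```

Run it once with the service user still in Administrators and once after removing it; the only line that should differ is the Administrators membership. If anything else changes, or IIS_IUSRS is already False, that narrows down where the 401 is coming from.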