
Setting up a small Proof of Concept project to establish a Kerberos Connection from IE8 to IIS 7.5 to SQL Server 2012, currently everything on the same server. I am using Windows Auth with impersonation as Auth user, running IIS App Pool and SQL Server under Local System, and SPNs all check out according to DelegConfig. I cannot establish a Kerberos connection between IIS and SQL Server.

The network traffic between the client/server indicates a Kerberos connection, but IIS/SQL connection info shows an NTLM connection:

    -- Transport and authentication scheme (e.g. KERBEROS or NTLM) of the current session
    select s.session_id, net_transport, auth_scheme, s.host_name, s.login_name
    from sys.dm_exec_connections c
    inner join sys.dm_exec_sessions s on c.session_id = s.session_id
    where s.session_id = @@SPID;

I've gone over most of the Kerberos white papers, DelegConfig shows that everything should be working, etc. I'm thinking that this is a configuration issue that I am looking right past, but cannot find it. I was thinking it could be an issue with my domain config.

Another question: If IIS and SQL Server are located on the same server, will the connection automatically revert back to NTLM, or can I still establish a Kerberos connection? I saw this mentioned a few times.

  • Also, IIS to SQL Kerberos connection exists when impersonation is turned off; connection established as Local System, instead of user – johnTaylorDev Aug 02 '13 at 18:11
  • Separated IIS and SQL Server on different boxes, resolved issue, might have been reverting back to NTLM because it never touched the network and didn't need Kerberos. – johnTaylorDev Aug 06 '13 at 00:05

0 Answers