0

we have a web app hosted on IIS. The spn is set for hostname and works fine when negotiate, ntlm is set and user kerberos authentication. However, if we remove both of them and set negotiate:kerberos, the web app stops working.

On accessing the web page, we get error stating that the site cannot be reached. Even the app pool is also running. Still facing this prolem. Anyone have any idea on how to fix this.

amitbvsb
  • 29
  • 4
  • 1
    In most cases it is the web browser that has no idea how to work with such authentication scheme. If you don’t want to dig further into the browsers, stick to the other schemes. – Lex Li Jul 28 '20 at 17:37
  • The most likely cause is that the SPN you have registered is not matching up to the service account of IIS or the machine so it either can't find the SPN at all, or its resolving to the wrong service account. – Steve Jul 28 '20 at 19:41
  • Did you face this issue whenyou enable windows authentication for an empty website ? Besides, please try to register SPN for your application?https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on – Jokies Ding Jul 29 '20 at 04:29
  • Now the web app is not stopping. But accessing the web page is prompting for username and password. However, I can see that ticket is generated as I can see kerberos tickets on entering klist tickets command. Any idea on how to fix this? – amitbvsb Jul 29 '20 at 10:30

0 Answers0