Re: Problem with impersonation and using a different host name.
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Dec 2005 14:53:45 -0600
You need to give the machine account an additional service principal name
(SPN) for http/bob.mydomain.com. There is a tool called setspn.exe that
does this. Your domain admin must run it.
That should allow the you to do Kerberos authentication with the different
DNS name. That should in turn allow delegation (assuming both sites use
Network Service as the app pool identity).
Joe K.
"Patrick Meehan" <PatrickMeehan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FD903F9F-D1BB-44D9-A462-9F3DF0B60AA1@xxxxxxxxxxxxxxxx
>I have developed a ASP.Net page with VS 2005 and SQL Server 2005. The
>server
> I am using is Windows 2003 and I have set up 2 websites, one production
> and
> one for test and development. This is our corporate intranet server and a
> DNS entry is setup to point 'intranet' to this machine, however, the
> computer
> name is different. Lets call it 'bob'. 'bob' has been trusted for
> delegation.
>
> If I go to http://bob.mydomain.net/mysite it works fine, both in test and
> production. But if I go to http://intranet.mydomain.net/mysite I get
> "Login
> failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
>
> It seems pretty clear to me that the issue is the different DNS hostname,
> but is there a work around for this?
.
- Prev by Date: Re: Error in accessing shared folder database file in ASP.net
- Next by Date: Re: Problem with impersonation and using a different host name.
- Previous by thread: Error in accessing shared folder database file in ASP.net
- Next by thread: Re: Problem with impersonation and using a different host name.
- Index(es):
Relevant Pages
|
