Kerberos to NTLM delegation timeout
- From: "Marc Castrechini" <castro_9@xxxxxxxxxxxxxxxx>
- Date: Mon, 13 Aug 2007 14:19:35 -0400
I apologize if this is available but there is so much on getting delegation
getting to work we aren't coming up with anything.
First off we are using constrained delegation to run a dual server
environment for ASP.NET 2.0 application under IIS 6.0 and SQL Server 2005.
All Windows Server 2k3. Our Active Directory is balanced two different
servers.
A subset of our users are receiving delegation errors at what seems like
random, inconsistent times of the day. Most of the time the majority of the
users are working fine.
Basically the Kerberos ticket appears to either expire or be overridden by
an NTLM ticket causing a double hop failure.
We have determined that the problem can temporarily be solved by doing the
following:
Close IE -> Control-Alt-Delete -> Lock -> UnLock
However, one the original problem happens this only seems to fix it for a
short while until the same error is experienced again.
Any direction or ideas at all would be greatly appreciated.
- Marc Castrechini
.
- Follow-Ups:
- Re: Kerberos to NTLM delegation timeout
- From: Marc Castrechini
- Re: Kerberos to NTLM delegation timeout
- Prev by Date: RE: 401 with Forms Authentication and Roles
- Next by Date: Re: Kerberos to NTLM delegation timeout
- Previous by thread: Padding is invalid and cannot be removed.
- Next by thread: Re: Kerberos to NTLM delegation timeout
- Index(es):
Relevant Pages
|
