External Access to IIS via Kerberos Authentication

From: Mike-EEE (mike_eeee_at_hotmail.com)
Date: 06/11/04

  • Next message: Ken Schaefer: "Re: External Access to IIS via Kerberos Authentication" 
    Date: 10 Jun 2004 21:05:49 -0700

    Hello all!

    I'm having a heck of a time with a file folder share on IIS6.0.

    - I have a IIS server (IISWEB) running a website with
    "iisweb.domain.com" and "iisweb" as its headers.
    - This website is using "a share located on another computer" as its
    home directory.
    - The server has been trusted for delegation.
    - The server has anonymous access disabled, and only Windows
    Authentication enabled (kerberos).
    - I want anyone with valid credentials in the local domain to access
    http://iisweb.domain.com from anywhere in the world with an IE6.0
    browser w/ Windows Authentication enabled in its settings.

    When I access the server from http://iisweb, I can log in ok, and
    everything works as expected. However, when I try to log in via
    http://iisweb.domain.com, the only way to get it to work properly is
    to add "iisweb.domain.com" to my list of Trusted sites.

    What am I missing? How do I get this to work without having to resort
    to adding the entry in the Trusted Sites list?

    Also, external users who try to login get demoted to NTLM when they
    access http://iisweb.domain.com. Why is kerberos not being used?

    I've been trying to get this to work for months now. Any feedback
    would be GREATLY appreciated! :)

    Thanks!
    Mike

  • Next message: Ken Schaefer: "Re: External Access to IIS via Kerberos Authentication"

    Relevant Pages

    • Enable Bandwidth throttling programmatically using WMI in C#
      ... Does anybody has the script to add Bandwidth throttling and Website ... public string IPAddress ... /// Gets or sets the name of the IIS server that site ... ManagementObject ...
      (microsoft.public.win32.programmer.wmi)
    • Re: Permission Problems SBS2003 R1
      ... website on the SBS server? ... Default permissions and user rights for IIS 6.0 ... Step 3: Please check the permissions in IIS manager: ... Step 4: Re-running CEICW on SBS server: ...
      (microsoft.public.windows.server.sbs)
    • 85010014 error - Exchange ActiveSync - Resolved
      ... Application Log on our server would be filled with those ActiveSync 3005: ... It basically all comes down to the basics of Windows DNS, how SSL ... and our Default Website could only properly respond to ONE IP ... SSL host header using port 443 with our SSL cert. ...
      (microsoft.public.exchange.connectivity)
    • 85010014 error - resolved - ActiveSync Exchange Server
      ... Application Log on our server would be filled with those ActiveSync 3005: ... It basically all comes down to the basics of Windows DNS, how SSL ... and our Default Website could only properly respond to ONE IP ... SSL host header using port 443 with our SSL cert. ...
      (microsoft.public.pocketpc.activesync)
    • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
      ... > By this, I mean, usually, on the basic logon screen of a server, I see ... >>;) under the website in question, enabling only Basic authentication. ... and can use the local administrator account to successfully ...
      (microsoft.public.inetserver.iis.security)