iis problems with some xp clients - kerberos issue?

I'm the web dev for a 200 person company, everything herein is in our
corporate domain.

We use Kerberos authentication - the domain controler is a win2k
server.

In short I have an Intranet server (win2k) hosting a .net 2 application
and a test server (win2k) hosting a classic asp page. Both access SQL
data on different server.

Delegation is enabled for all domain users. I have "impersonate=true"
on my .net app and directories on both servers are set to use only
Windows Integrated Authentication.

Internet Explorer settings on the client are set to recognize all the
involved servers and use propper settings, windows auth is enabled,
auto logon, etc.

And both apps work for about 80% of our users. But the authentication
isn't being bassed from IE to the server to SQL as expected for the
rest, resulting in SQL errors. Our clients are all on XP. At first we
thought it was their profiles. But it's the client. The apps don't
work for anyone logged on those clients that aren't passing
authentication. And for those staff who have no problems, anyone can
log on and will have no problems / vice versa.

Then we thought it might be a hotfix/security update. Our sysadmin
ghosted an old image and the apps worked (authentication was passed to
sql), then he applied all of the updates and set up he normally would
for a new user and...it still worked.

We're not sure where to look...AD/profiles don't seem to be the
culprit, IE settings have been mimicked on working machines and
therefore seem ok, IIS/SQL is behaving normally and it works for all
users, just not all machines.

Does anyone have any idea what could be going on? Also, I was not sure
what group to post this on...it's security/networking/sql/iis or is
there a group for general MS mysteries?

I could post IIS logs, asp errors, sql errors, etc. Please let me know
what information would help in diagnosing this.

.

Relevant Pages

  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS6 Authentication Problem with SQL Server 2000
    ... They're not accessing SQL directly right? ... > a) if you are using a Windows 2000 Domain, ... > backend SQL Server. ... You need to use Kerberos authentication for this (not ...
    (microsoft.public.inetserver.iis.security)
  • Re: Security Update for SQL Server 2000 Service Pack 4 (KB948110)
    ... log into SQL Server. ... Authentication) The other is SQL Authentication where, ... the 948110 hotfix will not work on a database server ...
    (microsoft.public.windowsupdate)
  • Re: iis problems with some xp clients - kerberos issue?
    ... is the browser even attempting Kerberos Authentication? ... the webserver failing to get a service ticket for the SQL Server etc. ... Check that the site is in IE's Intranet zone (IE doesn't attempt to Kerberos ... Both access SQL ...
    (microsoft.public.inetserver.iis.security)
  • Re: Cached Logon
    ... It appears that the IIS and the SQL are installed on one machine? ... the scenes" windows authentication information? ... The folder on IIS holds all 3 .asp files. ... On the server I was logged in as domain1\administrator. ...
    (microsoft.public.sqlserver.connect)