IIS Kerberos Authentication issue;
- From: alwynpereira@xxxxxxxxx
- Date: Thu, 13 Mar 2008 06:00:06 -0700 (PDT)
Hello
I have two web applications running in different app pools. First one
[WA1] runs in the default pool [P1-LocalService], and the other [WA2]
in a separate pool [P2] with identity of a domain account: DA1.
Windows integrated authentication is enabled for both;
I access the url using http://IISMachine_NBiosName
Initially I was able to access WA1, but was not able to run WA2. For
WA2 I got the credentials dialog popped thrice before the access
denied error 401.1
Then I set the spns for DA1
HTTP/IISMachine_NBiosName & HTTP/IISMachine_FQDNName.
After this WA2 started working but WA1 stopped working;
I got the following kerberos error in the event log
KRB_AP_ERR_MODIFIED error from the server host/IISMachine_FQDNName.
The targetName used was http/IISMachine_FQDNName. This indicates that
the password used to encrypt the kerberos services ticket is different
than that on the target server. Commonly this is due to identically
named machine accounts in the target realm (DomainFQDNName) and the
client realm. Please contact your system administrator;
Is it that we cannot have two web applications using integrated
authentication with different accounts? LocalService & Domain account?
Since the HTTP/IISMachine_NBiosName SPN is set for the user, I assume
this conflicts with the default HOST/IISMachine_NBiosName for the
computer account?
How do I resolve this to get both my applications working? without
making them run in the same pool :)
Regards,
Alwyn
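
The symptom pattern in the post above, modelled as an added example that is not part of the original message: the KDC encrypts the ticket with the key of whichever account holds the requested SPN, and a pool that decrypts with a different account's key fails. Assumptions: the computer account name `IISMACHINE$` is constructed, an HTTP/ request falls back to the computer account's HOST/ SPN when no explicit HTTP/ SPN exists, and a pool running as a built-in identity decrypts with the computer account's key.

```python
# Simplified model; host and account names mirror the post's placeholders.
HOST_ALIASES = {"http"}                      # subset of classes AD maps onto HOST/
BUILTIN = {"LocalService", "NetworkService", "LocalSystem"}

def resolve_spn(spn, registrations):
    """Return the account whose key encrypts a ticket for `spn`.

    An explicit registration wins; otherwise an aliased service class
    falls back to the HOST/ SPN of the same host name.
    """
    spn = spn.lower()
    if spn in registrations:
        return registrations[spn]
    svc, _, host = spn.partition("/")
    if svc in HOST_ALIASES:
        return registrations.get("host/" + host)
    return None

def check_pools(url_host, pools, registrations, computer_account):
    """Report, per app pool, whether it can decrypt the ticket for http/<url_host>."""
    ticket_account = resolve_spn("http/" + url_host, registrations)
    results = {}
    for pool, identity in pools.items():
        # Assumption: built-in identities use the computer account's key.
        key_account = computer_account if identity in BUILTIN else identity
        results[pool] = "ok" if key_account == ticket_account else "mismatch"
    return results

# Constructed sample data matching the two states described in the post.
POOLS = {"P1": "LocalService", "P2": "DA1"}
BEFORE = {
    "host/iismachine_nbiosname": "IISMACHINE$",
    "host/iismachine_fqdnname": "IISMACHINE$",
}
AFTER = dict(BEFORE, **{
    "http/iismachine_nbiosname": "DA1",
    "http/iismachine_fqdnname": "DA1",
})

if __name__ == "__main__":
    for label, regs in (("before SPNs on DA1", BEFORE), ("after SPNs on DA1", AFTER)):
        print(label, check_pools("IISMachine_NBiosName", POOLS, regs, "IISMACHINE$"))
```

Because both applications are reached through the same host name, only one account can own the ticket key for that name at a time, which is why the working and failing pools swap in the model.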