Kerberos Problem with App Pool running as Domain Account
- From: VC <VC@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 19 Jun 2008 06:00:00 -0700
Good Morning,
I have multiple applications running with integrated security to connect to
a SQL back-end database. Everything works fine on our production servers
which use the default system accounts for the Application Pool. However, I
had to change this to use a domain account because our DR server needed to
work with the same DNS Alias which conflicted with the already registered
SPNs.
As recommended, on our DR server, I began testing by changing the
Application Pool to run under a domain account. I then registered the
following SPNs:
setspn –A HTTP/iisserver domain\user
setspn –A HTTP/iisserver.domain.com domain\user
setspn –A MSSQLSvc/sqlserver:1433 domain\user
Additionally, I set the domain\user account to "Account is trusted for
delegation" and the iiserver computer account to "Trust computer for
delegation". Still, I receive the following error when connecting to the
database:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
This works fine on the live server, so I'm assuming this is related to
changing the Application Pool to run under a domain account. Any suggestions
would be greatly appreciated.
Thank you
.
- Follow-Ups:
- Re: Kerberos Problem with App Pool running as Domain Account
- From: Ken Schaefer
- Re: Kerberos Problem with App Pool running as Domain Account
- Prev by Date: RE: Kerberos and ASP NET application
- Next by Date: Re: IIS 6 Cert Wizard - Copy Certificate Another Server - Access i
- Previous by thread: RE: Kerberos and ASP NET application
- Next by thread: Re: Kerberos Problem with App Pool running as Domain Account
- Index(es):
Relevant Pages
|
