Re: Overcomplicating an OS: NTLM, Kerberos, Win2003/2000 incompatibility.
From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: Fri, 8 Oct 2004 14:11:32 +1000
This doesn't make sense. You seem to have the following setup:
Client -> Windows 2003 (with SPS) -> Web Service on Windows 2000
In this case, you do not need to mark the Windows 2000 computer as "trusted
for delegation". You need to mark the WIndows 2003 machine as "trusted for
Why would you have 50,000 Windows 2003 machines that need to be trusted for
In any case, what does this have to do with your original post? You
complained about incompatible authentication. You said:
"Someone at Microsoft decided that IIS on 2003 will be using incompatible
authentication by default with 2000's IIS, and that's it, SharePoint on 2003
is not able to access the web services on 2000."
What is incompatible? Please be precise, please don't just post vague
comments about things. That way we can help you with your problem. On the
other hand, if you just want to rant and complain, please make it clear that
you are doing so, so that we don't waste time looking at your problem.
"G. Tarazi" <Tarazi (at) LiveTechnologies.ca> wrote in message
> So simple
> Install Active Directory (PC1)
> Install Windows 2003 Server / SharePoint PC2
> Install Windows 2000 Pro PC3 (for the software developers) / VS.NET C#
> Add all to the domain.
> Create a SPS site on Win2003
> Create a Web service in Win2000
> Disable the anonymous connection and keep the windows authentication on
> Call the web service (that is on W2000) in the new SPS site. W2003
> And then you will realize what I am talking about, the W2003 is using
> Kerberos the W2000 not. And making them compatible according to
> support.microsoft.com means making W2000 trusted for delegation, it can
> happen in an environment where there is 5 Pc's, but when you have 50,000 I
> don't think so.
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
>> What authentication is "incompatible"?
>> Do you really know what you're talking about? Or are you just ranting
>> because you ran into something you didn't quite understand?
>> "G. Tarazi" <Tarazi (at) LiveTechnologies.ca> wrote in message
>> I am just not getting it
>> There is a web server with Windows 2003 and a SharePoint server on it,
>> there is a 2000 server with .net 1.1 and web services on it, and both are
>> the active directory and there are thousands of computers there.
>> Someone at Microsoft decided that IIS on 2003 will be using incompatible
>> authentication by default with 2000's IIS, and that's it, SharePoint on
>> is not able to access the web services on 2000.
>> And that causes tons of treble and hundreds of lost hours of
>> Think about it next time, before someone says "Do more with less".