Kerberos/ASP/Delegation/W2K3

• Previous message: Steven L Umbach: "Re: VPN Security."
• Next in thread: meshko_at_gmail.com: "Re: Kerberos/ASP/Delegation/W2K3"
• Reply: meshko_at_gmail.com: "Re: Kerberos/ASP/Delegation/W2K3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 19 Jul 2005 14:24:44 -0700

Hi,
We have an ASP (not .NET) application which needs to talk to network
shares and AD. In the test domain I configured the website of the ASP
app to use Integrated Windows Authentication and disabled anonymous
access, then enabled delegation for the system where the IIS runs. I
could use IE do access the website and the ASP application was working
as expected, was able to talk to both network shares on orther systems
and AD.
Now I have another test domain which seems to be exactly the same, but
the ASP app doesn't work. All systems in both domains are W2K3 with
Service Pack 1, running in something relatively close to default
configuration.
So I have domain1 and domain2, domain1 working, domain2 not. In each
domain I have basically 3 systems: client, webserver (ws),
domaincontroller (dc). From client2 I can connect to ws1 and it works.
 So IE must be doing Kerberos authentication. But client2 to ws2
doesn't work. The log messages are the same in both cases:

Type: Success Audit
Event ID: 552

Logon attempt using explicit credentials:
 Logged on user:
         User Name: Administrator
         Domain: DOMIAN2
         Logon ID: (0x0,0xFCFCA)
         Logon GUID: {b0aa1dd2-f5a8-2f4d-bcfe-d9a8c1552a94}
 User whose credentials were used:
         Target User Name: tester
         Target Domain: DOMAIN2.COMPANY.COM
         Target Logon GUID: {85ac21ef-e5cf-bae1-c62d-e69cd54dd992}

 Target Server Name: WS2.DOMAIN2.COMPANY.COM
 Target Server Info: HTTP/WS2.DOMAIN2.COMPANY.COM
 Caller Process ID: 676
 Source Network Address: -
 Source Port: -

So it looks like successful logon, but no mention of Kerberos.
If I try to get network dump on the domain controller of the domain2
and filter for Kerberos protocol I get nothing, so I suspect Kerberos
is not being used, but why?

Will appreaciate any help!

• Previous message: Steven L Umbach: "Re: VPN Security."
• Next in thread: meshko_at_gmail.com: "Re: Kerberos/ASP/Delegation/W2K3"
• Reply: meshko_at_gmail.com: "Re: Kerberos/ASP/Delegation/W2K3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Integrated windows security HTTP500 error ... - accessing the website from a PC within the network, ... it defaults to NTLM on Win2000 ... It sounds like Kerberos is not configured/working properly. ... (microsoft.public.inetserver.iis.security) Converting ASP site to .NET ... existing personal website to .NET from classic ASP. ... I'm assuming I want my aspx files in the root of my site in the same ... Previously I had my server set up so that the root folder of my web was ... (microsoft.public.dotnet.general) Re: Forcing ASP.NET 1.1 isnt working ... Since the home page was asp (unmanaged code), ... the website require access to the 2.0 framework directory. ... (and without reconfiguring any existing apps to run under ASP.NET 2.0). ... (microsoft.public.dotnet.framework.aspnet) Re: Manually Configure site for ASP .NET 2 - Revisited ... but with Windows XP x64 Edition. ... Configuring web site http//localhost/DotNetNuke to ASP .NET 2.0 failed. ... devices", I have created a website, but as soon as I carry out the last ... (microsoft.public.dotnet.framework.aspnet) Re: Access network shares with filesystemobject ... Doing gives the same results - I cannot access network shares with UNC ... >> I have a page in classic asp that accces a network drive, ... >> Private Sub Page_Load(ByVal sender As System.Object, ... (microsoft.public.dotnet.framework.aspnet)