Welcome to ISAserver.org

kerberos

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> kerberos

Page: [1]

Message

<< Older Topic Newer Topic >>

kerberos - 4.Jan.2008 6:22:33 AM

KAYCEEXYZ2001

Posts: 14
Joined: 9.Dec.2007
Status: offline

Sharepoint 2007 is configured to use kerberos auth. This works well by passing the ISA server.

ISA 2006 is installed without using a service account. MS Firewall service is running on Network Service, all other services are running on local system.

Have configured the kerberos onstrained delegation from Tom's article for exchange, On the ISA added the 2 frontend server and services
tried using spn http/* or the external www.test.com on the auth delegation on ISA server

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) on the bowser
and
ISA Server failed to delegate credentials using Kerberos constrained delegation to the Web site published by the rule library.embc.uk.com. Check that the SPN: http/frontend-01.test.local configured in ISA Server matches the SPN in Active Directory.

Had a look on Active directory using ADSIEDIT on SPN i can see
host/
http/frontend-01.test.local
http/frontend-02.test.local

Added the http/* using setspn command for computer account (added this when i started troubleshooting the error).

When i change the auth delegation on the rule to NTLM it works . What am i doing wrong with kerberos config.