No announcement yet.

Using IIS 6 with Kerberos for Windows Authentication

  • Filter
  • Time
  • Show
Clear All
new posts

  • Using IIS 6 with Kerberos for Windows Authentication


    I don't really know much about Active Directory as I'm coming at this from the web development end of things.

    Anyway, I'm having problems getting Integrated Windows Authentication to work in IIS and suspect that there's something I have to do in AD before it will work. I have a Windows 2003 machine running IIS 6 and I have set up a test website which has Integrated Windows Authentication enabled on it. I then try to access this website from another machine in the same domain. I am logged into this machine with my domain account. Using IE8, if I have the 'Enable Integrated Windows Authentication' setting checked then it will popup the username and password dialogue but after three attempts at entering my domain username and password it is showing me a 401.1 error. If I disable this setting then it lets me into the test website straight away. I am able to log into the machine running the website as an admin with my domain account.
    I need to be able to access the website with 'Enable Integrated Windows Authentication' checked as this is the default.

    Now I understand that this issue has something to do with Kerberos so I enabled Kerberos logging and now I see an KDC_ERR_BADOPTION error appearing in the event logs roughly every two hours. I haven't been able to determine what that means exactly.

    Anyway, has anyone set up IIS to use Kerberos successfully before and what steps did they have to take to do this? I read somewhere that you may have to make the IIS machine a delegate authentication machine in AD but I haven't been able to find any more information than that. Any help would be greatly appreciated!

  • #2
    Re: Using IIS 6 with Kerberos for Windows Authentication

    i'll take a look tomorrow - i think i might be able to pull ou a solution for you, but i need to look...
    Please do show your appreciation to those who assist you by leaving Rep Point