Important Checklist For Configuring IIS authentication with Kerberos

byAlex R. •July 11, 2021
https://techcommunity.microsoft.com/t5/iis-support-blog/service-principal-name-spn-checklist-for-kerberos-authentication/ba-p/347639
For a single hop, ensure that the SPN is set correctly:
If the application runs with the system account, check it like this:
setspn -L computername
It should return either HTTP/computername or HTTP/dnsname
The prefix HOST is a "catch all" for HTTP and some others. So it should be OK as well.
If the application pool runs with custom identity (which is a member of a domain), check it with
setspn -L accountname
Then configure in IIS to use application pool credentials or else it won't be able to decrypt Kerberos ticket.
Tags IIS Kerberos
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3586246945-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4Lb3HbZSFxiBR0LOEBMy0SQKo5ww:1728260424134';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d2139279071038304164','//alexrait.blogspot.com/2021/07/important-checklist-for-configurting.html','2139279071038304164');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '2139279071038304164', 'title': 'Coding with Alex', 'url': 'https://alexrait.blogspot.com/2021/07/important-checklist-for-configurting.html', 'canonicalUrl': 'https://alexrait.blogspot.com/2021/07/important-checklist-for-configurting.html', 'homepageUrl': 'https://alexrait.blogspot.com/', 'searchUrl': 'https://alexrait.blogspot.com/search', 'canonicalHomepageUrl': 'https://alexrait.blogspot.com/', 'blogspotFaviconUrl': 'https://alexrait.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-202988341-1', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Coding with Alex - RSS\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/2139279071038304164/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Coding with Alex - Atom\x22 href\x3d\x22https://alexrait.blogspot.com/feeds/5686916149414510717/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-9348007134072555', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/5567c04bb654202b', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Blog Posts', 'pageType': 'item', 'postId': '5686916149414510717', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7-yAThHeSNU1lOfdmdG3oNLyTU2n4bYm8_qxgZpD4nfgl25VcJ-g_zbnH17UHO9NK576vf6CaNJ6Pt0_mRzOPEnH3uyRXqPVqlA1dods7v-GoYG0UksvGBkipmgD4J04QTY4wft-qKsRJ/s72-w701-c-h192/image.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7-yAThHeSNU1lOfdmdG3oNLyTU2n4bYm8_qxgZpD4nfgl25VcJ-g_zbnH17UHO9NK576vf6CaNJ6Pt0_mRzOPEnH3uyRXqPVqlA1dods7v-GoYG0UksvGBkipmgD4J04QTY4wft-qKsRJ/w701-h192/image.png', 'pageName': 'Important Checklist For Configuring IIS authentication with Kerberos', 'pageTitle': 'Coding with Alex: Important Checklist For Configuring IIS authentication with Kerberos', 'metaDescription': 'Checklist to configure IIS with Kerberos authentication'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Important Checklist For Configuring IIS authentication with Kerberos', 'description': 'Checklist to configure IIS with Kerberos authentication', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7-yAThHeSNU1lOfdmdG3oNLyTU2n4bYm8_qxgZpD4nfgl25VcJ-g_zbnH17UHO9NK576vf6CaNJ6Pt0_mRzOPEnH3uyRXqPVqlA1dods7v-GoYG0UksvGBkipmgD4J04QTY4wft-qKsRJ/w701-h192/image.png', 'url': 'https://alexrait.blogspot.com/2021/07/important-checklist-for-configurting.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5686916149414510717}}, {'name': 'widgets', 'data': [{'title': 'Default Thumbnail', 'type': 'Image', 'sectionId': 'pbt-panel', 'id': 'Image52'}, {'title': 'JSON Variables', 'type': 'HTML', 'sectionId': 'pbt-panel', 'id': 'HTML50'}, {'title': 'Coding with Alex', 'type': 'Image', 'sectionId': 'main-logo', 'id': 'Image50'}, {'title': '', 'type': 'LinkList', 'sectionId': 'xdfcb-main-menu', 'id': 'LinkList200'}, {'title': 'Links', 'type': 'LinkList', 'sectionId': 'headerbar', 'id': 'LinkList201'}, {'title': 'Follow Us', 'type': 'LinkList', 'sectionId': 'headerbar', 'id': 'LinkList202'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'main', 'id': 'Blog1', 'posts': [{'id': '5686916149414510717', 'title': 'Important Checklist For Configuring IIS authentication with Kerberos', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7-yAThHeSNU1lOfdmdG3oNLyTU2n4bYm8_qxgZpD4nfgl25VcJ-g_zbnH17UHO9NK576vf6CaNJ6Pt0_mRzOPEnH3uyRXqPVqlA1dods7v-GoYG0UksvGBkipmgD4J04QTY4wft-qKsRJ/w701-h192/image.png', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'share', 'label': ''}, {'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': '\u2022'}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': '$type\x3d{blogger}'}, {'name': 'icons', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Tags'}]}], 'allBylineItems': [{'name': 'share', 'label': ''}, {'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': '\u2022'}, {'name': 'comments', 'label': '$type\x3d{blogger}'}, {'name': 'icons', 'label': ''}, {'name': 'labels', 'label': 'Tags'}]}, {'title': 'You might like', 'type': 'HTML', 'sectionId': 'xdfcb-related-posts', 'id': 'HTML51'}, {'title': 'Coding with Alex (Header)', 'type': 'Header', 'sectionId': 'sidebar', 'id': 'Header1'}, {'title': 'Main Tags', 'type': 'Label', 'sectionId': 'sidebar', 'id': 'Label2'}, {'title': 'Total Pageviews', 'type': 'Stats', 'sectionId': 'sidebar', 'id': 'Stats1'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts2', 'posts': [{'title': 'Cannot open eclipse - JVM is not suitable for this product. Version: 11 or greater is required', 'id': 3500066858771067349}, {'title': 'How to use ToggleButton with MVVM in WPF', 'id': 5475463526353087097}, {'title': 'Connecting to LDAP with Ldap4Net', 'id': 606842699910963167}, {'title': 'Make nuget package to include DLLs from referenced projects', 'id': 6077285575710489654}]}, {'title': 'Most Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts1', 'posts': [{'title': 'Cannot open eclipse - JVM is not suitable for this product. Version: 11 or greater is required', 'id': '3500066858771067349'}, {'title': 'How to use ToggleButton with MVVM in WPF', 'id': '5475463526353087097'}, {'title': 'Connecting to LDAP with Ldap4Net', 'id': '606842699910963167'}, {'title': 'Make nuget package to include DLLs from referenced projects', 'id': '6077285575710489654'}, {'title': '\u05de\u05e9\u05d7\u05e7 \u05de\u05d7\u05e9\u05d1\u05d4 \u05e7\u05e9\u05d4 \u05d5\u05de\u05d0\u05ea\u05d2\u05e8', 'id': '3962768232117842107'}, {'title': 'Searching LDAP with pagination', 'id': '5624018865817244178'}]}, {'title': 'About Us', 'type': 'Image', 'sectionId': 'xdfcb-about-section', 'id': 'Image51'}]}]);
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image52', 'pbt-panel', document.getElementById('Image52'), {'resize': true}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML50', 'pbt-panel', document.getElementById('HTML50'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image50', 'main-logo', document.getElementById('Image50'), {'resize': true}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList200', 'xdfcb-main-menu', document.getElementById('LinkList200'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList201', 'headerbar', document.getElementById('LinkList201'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList202', 'headerbar', document.getElementById('LinkList202'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2591911167-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML51', 'xdfcb-related-posts', document.getElementById('HTML51'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'sidebar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label2', 'sidebar', document.getElementById('Label2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_StatsView', new _WidgetInfo('Stats1', 'sidebar', document.getElementById('Stats1'), {'title': 'Total Pageviews', 'showGraphicalCounter': false, 'showAnimatedCounter': false, 'showSparkline': true, 'statsUrl': '//alexrait.blogspot.com/b/stats?style\x3dBLACK_TRANSPARENT\x26timeRange\x3dALL_TIME\x26token\x3dAPq4FmBqv2Mhfw-vD5uibO35DkNGGpfMGJl7dwjZAz1AOSNNpf0oGqaoRR8LOHn4zayyl1bCBScW7-RMI8Mo4wr1Bw3nwhXZRA'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts2', 'sidebar', document.getElementById('PopularPosts2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ImageView', new _WidgetInfo('Image51', 'xdfcb-about-section', document.getElementById('Image51'), {'resize': true}, 'displayModeFull'));
</script>
</body>
Important Checklist For Configuring IIS authentication with Kerberos

Post a Comment
