I have 4 machines,
- one machine with Domain Controller,
- one machine with Analysis Services,
- one machine with IIS Services,
- one machine with the Application
The goal is to open the application and the user can be able to impersonated himself to the analysis services instance though the iis server.
I have tried this schema in two different environments, in the first environment is required to set spns for analysis services in an unattended service account in order to delegate user credentials, in the second environment the spns are not required in order to delegate the credentials.
The two environments have the same domain and forest functional level set to Windows Server 2012R2 and all machines are Windows Server 2012R2. The first environment is from a provider and the second is from Virtual Machines in a desktop computer. Also i checked that domain controller in virtual machines do not have any spn registered under the account which is set to application poll identity in the iis web server.
So is there any reason or some configuration that makes spns necessary or not?