1

I'm using:

  • Windows 10 x64 Professional (in ad domain)
  • IIS 10
  • Web site is running under local user EPM_USER, everything works except Windows authentication

Configuration: enter image description here

When I try to from another computer which is also in AD domain with valid Active Directory, login fails: enter image description here

If I change application pool that it runs under ApplicationPoolIdentity, than it works:

broadband
  • 121
  • 1
  • 2
    Why run IIS on a Windows 10 machine? Windows 10 is not intended to function as a server. – Davidw Apr 04 '22 at 19:15
  • If you’re running the application pool under a local user it doesn’t have credentials on the domain. When you run it as the applicationpoolidentity it uses the network service account which is basically the machine’s AD account. Use that, or use a domain account to run the app pool in. – Appleoddity Apr 05 '22 at 02:23
  • 1
    More info: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/ check the `useKernelMode` setting. – Appleoddity Apr 05 '22 at 02:30
  • And more detail about why this does or does not work… https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc758557(v=ws.10) Your SPN has to be configured properly to use a different account and it will not work with a local user account as mentioned. Kerberos has specific requirements. – Appleoddity Apr 05 '22 at 02:37
  • @Davidw usually I would run IIS on Windows Server, but just for testing scenario I'm running it in vmware virtual machine. – broadband Apr 05 '22 at 07:56

0 Answers0