We have been spinning our wheels trying to get windows authentication working through ARR.

We've created a new domain account (appservices)

ARR Server (srvarr) using default app pool with user set to appservices

IIS Server (srvweb) using default app pool with user set to appservices

We've run

setspn -s domain\appservices http://srvarr

and checking using -l shows it registered for http://srvarr

srvarr is set to use anonymous authentication

srvweb is set to use windows authentication

Going directly to http://srvweb/healthCheck.txt gives a 'Working!' message. Trying to go to http://srvarr/healthCheck.txt gives either a

502 - Web server received an invalid response while acting as a gateway or proxy server

or

401 - with prompt for credentials

If we turn on anonymous authentication we get the 'Working!' message from either http://srvweb/healthCheck.txt or http://srvarr/healthCheck.txt

We've tried both NTLM and Negotiate and neither seems to work.

John

1 Answer

We had typo'd HTTP/srvarr and HTTP/srvweb as http://srvarr and http://srvweb. Make sure you do it as the protocol instead of the URL!

Also settings that might help others:

Remove both NTLM and Negotiate, add Negotiate:Kerberos, turn on useAppPoolCredentials and turn off useKernelMode.

Make sure all of the servers are using your domain web service account as the app pool identity.

John
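The fix described in this answer as a PowerShell script, added here as an example and not code from the original post: it audits the service account for URL-shaped SPNs, registers the HTTP/host form, and applies the listed IIS settings. The account and host names come from the post; the site name `Default Web Site` and the helper `Test-SpnFormat` are assumptions made for illustration.

```powershell
# Added example, not from the original post. Names come from the post except
# $Site, which is an assumption (the post only mentions the default app pool).
$Account = 'domain\appservices'
$Hosts   = 'srvarr', 'srvweb'
$Site    = 'Default Web Site'

# An SPN has the form serviceclass/host[:port], e.g. HTTP/srvarr. A browser asks
# for HTTP/<host>, so an entry shaped like the URL http://srvarr never matches.
function Test-SpnFormat {                      # hypothetical helper
    param([Parameter(Mandatory)][string]$Spn)
    if ($Spn -match '^[A-Za-z][A-Za-z0-9+.-]*://') { return $false }
    return $Spn -match '^[^/\s]+/[^/\s]+(/\S+)?$'
}

# 1. Audit: setspn -L prints a header line, then one indented SPN per line.
$registered = setspn -L $Account |
    Where-Object { $_ -match '^\s+\S' } |
    ForEach-Object { $_.Trim() }
foreach ($spn in $registered) {
    if (-not (Test-SpnFormat $spn)) {
        # Only report; removal is left to the operator.
        Write-Warning "Malformed SPN on ${Account}: $spn (remove with: setspn -D $spn $Account)"
    }
}

# 2. Register the service-class form; -S refuses to create a duplicate SPN.
foreach ($h in $Hosts) { setspn -S "HTTP/$h" $Account }

# 3. Confirm each SPN now resolves to the service account.
foreach ($h in $Hosts) { setspn -Q "HTTP/$h" }

# 4. Run on the IIS server where Windows authentication is enabled. Assumes the
#    provider list still holds the default NTLM and Negotiate entries.
#    Arguments are quoted so PowerShell passes them to appcmd unchanged.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
& $appcmd set config $Site `
    '-section:system.webServer/security/authentication/windowsAuthentication' `
    '/useAppPoolCredentials:true' '/useKernelMode:false' `
    "/-providers.[value='NTLM']" "/-providers.[value='Negotiate']" `
    "/+providers.[value='Negotiate:Kerberos']" '/commit:apphost'
```

Steps 1 to 3 need rights to write `servicePrincipalName` on the account; step 4 needs an elevated prompt on the web server.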