0

My client is not requesting Kerberos tickets, but does when using fiddler. I was then advised not to use fiddler and use Wireshark, using this I can see that the client is sending an NTLM authorization when making the http request. I also enabled Kerberos logging via regedit the only issue with this is it doesn't log any errors because enabling the logging makes it work as expected, surely I shouldn't need to turn Kerberos logging on, on every machine in order to get this to work.

Noreen
  • 11
  • 2
  • "My client is not requesting Kerberos tickets" - Please elaborate on the symptoms and troubleshooting steps you taken to come to this conclusion – Mathias R. Jessen Feb 18 '15 at 16:10
  • As I said I have determined this from the wireshark logs, the exact symptom I am getting is Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'on my page, but as stated this is because my http request header is sending an NTLM Authorization and not a Kerberos Authentication ticket, which it should be sending in order to have my Identity impersonation to work. – Noreen Feb 18 '15 at 16:13

1 Answers1

0

As I stated in your other question: I ran into the same issue today. The root cause ended up being the DNS entry for the web application. It was setup as a CNAME to the IIS server. Switching it to an A record solved the issue. Make sure you allow enough time for DNS to replicate.

Lefka
  • 111
  • 1