We have several IIS hosted sites using windows authentication. Some of our users can logon in one of the sites, but getting never-ending authentication challenge in another (the second one is used in an iframe of first). We found out that users that can't logon are using Kerberos authentication (others NTLM). All of the sites are using the same authorization settings (useAppPoolCredentials set to true). Thus users can access one site but can't access the second one with the same settings. App pool identity user is in the administrator group and IIS_IUSRS group. I also tried to use the domain user account to logon to site from VM and got same never-ending authentication prompt because of Kerberos. I've read Chiranth Ramaswamy's article about IIS authentication but unfortunately couldn't find solution to problem. Is there any way to solve the problem?
EDIT: We also have 2nd server with the same sites and settings.
EDIT2: I found out that I can logon if I'm using same domain user account if I don't write domain in login. Thus "UserName" works and "DomainName\UserName" doesn't