Hello all.
It's that time, that time when you have very few hairs on your head due to excessive hairpulling over things that just should work.
The scenario is as such. I have to implement kerberos authentication for a web application that has been developed. There are three servers in question, a terminal server, an IIS server and a SQL server. All of these servers run Server 2008 R2. I have two service users in AD, one that runs as an identity for the app pool of the webservice and one that runs as the service user for the SQL.
I've look far and wide on the internet for stuff like this and they pretty much all say mostly the same, you need to set the SPN for the service users, allow for delegation, disable NTLM and use negotiate on the authentication.The users are supposed to access the web service on the terminal server using a browser....