We have been spinning our wheels trying to get windows authentication working through ARR.
We've created a new domain account (appservices
)
ARR Server (srvarr
) using default app pool with user set to appservices
IIS Server (srvweb
) using default app pool with user set to appservices
We've run
setspn -s domain\appservices http://srvarr
and checking using -l
shows it registered for http://srvarr
srvarr
is set to use anonymous authentication
srvweb
is set to use windows authentication
Going directly to http://srvweb/healthCheck.txt
gives a 'Working!'
message
Trying to go to http://srvarr/healthCheck.txt
gives either a
502 - Web server received an invalid response while acting as a gateway or proxy server
or
401 - with prompt for credentials
If we turn on anonymous authentication
we get the 'Working!'
message from either http://srvweb/healthCheck.txt
or http://srvarr/healthCheck.txt
We've tried both NTLM and Negotiate and neither seem to work.
Best Answer
We had typo'd
HTTP/srvarr
andHTTP/srvweb
ashttp://srvarr
andhttp://srvweb
. Make sure you do it as the protocol instead of the url!Also settings that might help others:
Remove both
NTLM
andNegotiate
and addNegotiate:Kerberos
and turn onUseAppPoolCredentials
and offuseKernelMode
Make sure all of the servers are using your domain web service account as the app pool identity