I have an ASP.NET site installed on a server owned by a client. The client now, due to using MobileIron for single-sign-on capabilities on mobile devices, requires my site to work with Kerberos authentication. The web server is IIS 7.5.
The client has set up Kerberos in IIS, but somehow this does not seem to work. When testing on a computer, I can see with Fiddler that authentication falls back on using NTLM. As far as I can see everything is set up correctly in IIS (I've used this site to validate the setup: ).
Enabling event viewer logging for Kerberos gives me the following error:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 14:23:14.0000 12/19/2013 Z
Error Code: 0x1b Unknown Error
Extended Error:
Client Realm:
Client Name:
Server Realm: [CLIENT].LOCAL
Server Name: [user]@[CLIENT].LOCAL
Target Name: [user]@[CLIENT].LOCAL@[CLIENT].LOCAL
Error Text:
File: 9
Line: f09
Error Data is in record data.
How can I troubleshoot this? What tools are available for testing the Kerberos setup?
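Event Viewer labels 0x1b "Unknown Error", but the number is a standard Kerberos error code defined in RFC 4120. The following is an added example, not part of the original question or answer: it parses an event in the format shown above, decodes the code against a small subset of the RFC 4120 table, and reports whether the target name has the class/host form of a service SPN. The function names and the abridged sample are constructed for illustration.

```python
import re

# Error numbers and names as defined in RFC 4120 (subset only).
KRB_ERRORS = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    0x19: "KDC_ERR_PREAUTH_REQUIRED",
    0x1B: "KDC_ERR_MUST_USE_USER2USER",
    0x25: "KRB_AP_ERR_SKEW",
    0x29: "KRB_AP_ERR_MODIFIED",
    0x3C: "KRB_ERR_GENERIC",
}

# Constructed sample: the event from the question, abridged, placeholders kept.
SAMPLE_EVENT = """\
A Kerberos Error Message was received:
Server Time: 14:23:14.0000 12/19/2013 Z
Error Code: 0x1b Unknown Error
Server Realm: [CLIENT].LOCAL
Server Name: [user]@[CLIENT].LOCAL
Target Name: [user]@[CLIENT].LOCAL@[CLIENT].LOCAL
"""

def parse_event(text):
    """Split 'Field: value' lines into a dict; empty values become ''."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so times survive
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def diagnose(text):
    """Return (error_name, target_is_service_spn) for one event record."""
    fields = parse_event(text)
    m = re.match(r"0x([0-9a-fA-F]+)", fields.get("Error Code", ""))
    code = int(m.group(1), 16) if m else None
    name = KRB_ERRORS.get(code, "not in table") if m else "no error code"
    # A service SPN has the form class/host (for example HTTP/web01);
    # everything before the first '@' is the principal part of the target.
    target = fields.get("Target Name", "")
    is_spn = "/" in target.split("@", 1)[0]
    return name, is_spn

if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT))
```

For the event above this yields KDC_ERR_MUST_USE_USER2USER with a target that is a user principal rather than a service SPN; RFC 4120 describes that code as "Server principal valid for user2user only".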
Best Answer
After quite a few hours digging into this, I finally found the solution, through running the DelegConfig wizard, and changing the identity of the application pool to NETWORK SERVICE. For future reference, here are the two most helpful resources that I used: