Posted by meshko on July 19, 2005, 2:24 pm
Hi,
We have an ASP (not .NET) application which needs to talk to network
shares and AD. In the test domain I configured the website of the ASP
app to use Integrated Windows Authentication and disabled anonymous
access, then enabled delegation for the system where the IIS runs. I
could use IE to access the website and the ASP application was working
as expected, was able to talk to both network shares on other systems
and AD.
Now I have another test domain which seems to be exactly the same, but
the ASP app doesn't work. All systems in both domains are W2K3 with
Service Pack 1, running in something relatively close to default
configuration.
So I have domain1 and domain2, domain1 working, domain2 not. In each
domain I have basically 3 systems: client, webserver (ws),
domaincontroller (dc). From client2 I can connect to ws1 and it works.
So IE must be doing Kerberos authentication. But client2 to ws2
doesn't work. The log messages are the same in both cases:
Type: Success Audit
Event ID: 552
Logon attempt using explicit credentials:
Logged on user:
User Name: Administrator
Domain: DOMIAN2
Logon ID: (0x0,0xFCFCA)
Logon GUID:
User whose credentials were used:
Target User Name: tester
Target Domain: DOMAIN2.COMPANY.COM
Target Logon GUID:
Target Server Name: WS2.DOMAIN2.COMPANY.COM
Target Server Info: HTTP/WS2.DOMAIN2.COMPANY.COM
Caller Process ID: 676
Source Network Address: -
Source Port: -
So it looks like a successful logon, but no mention of Kerberos.
If I try to get a network dump on the domain controller of domain2
and filter for the Kerberos protocol I get nothing, so I suspect Kerberos
is not being used, but why?
Will appreciate any help!