Question : Kerberos & Sharepoint problems

Hi,

I need to change all my MOSS web apps to use Kerberos as opposed to NTLM. I've followed the many guides on the internet, adding SPN's for the following service accounts in AD:

DB Acceess Account:
SSP Application Pool ID:
MySites Application Pool ID:
Site Collection Application Pool ID:

I've also set up the trust delegation for all servers in the loop.

However (like most things Sharepoint), didn't work on my first attempt. When I browse with IE to the site collection on the test web app, I get authentication box pop up asking for username and password, I put these in, doesn't let me in and finally times out with the 'Internet Explorer cannot display the webpage' or 'You are not authorised to view this page' message.

I've used wireshark to find out what's going on, whether my SPN's ect have been set up incorrectly. What I find is the following kerberos related message:

error_code: KRB5KRB_ERR_RESPONSE_TOO_BIG (52)

Followed by

[Unreassembled Packet [incorrect TCP checksum]: KRB5]

I've looked online, couldn't find any info on this error. When I use firefox, this doesn't happen. Out of interest I also wiresharked this, looked at the logs and found no Kerberos activity. I suspect the with firefox it's reverting to NTLM for some reason. With IE it just doesn't work at all.

Can anyone help shed some light on this?

Answer : Kerberos & Sharepoint problems

Fixed it in the end. Removed all registered SPN's and started again. Made sure I used the same app pool username password for my app pool ID and dba access account. Painful.