Microsoft
Software
Hardware
Network
Question : TMG/ISA 2006 - Kerberos Authentication Issues
We have a large MOSS 2007 installation with numerous portals. These portals have webparts that access data on other servers, such as files servers and print servers.
Currently we use ISA 2006 to publish all MOSS sites using a HTTPS SSO listener with form based authentication. This works correctly, allowing the users login to be passed from ISA -> IIS -> File Server/print server.
However, I can't get TMG to work in the same way. If I publish the site through TMG, the user successfully authenticates with the MOSS/IIS servers, but the IIS servers fail to impersonate the user and authenticate correctly with the file server. The file server and print server security logs show the IIS servers are trying to connect with 'NT AUTHORITY\ANONYMOUS LOGON'
TMG is running on Windows Server 2008 R2 Enterprise. MOSS 2007 is running on a farm of Server 2003 R2 x86 servers and the file and printer servers are 2008 R2.
Answer : TMG/ISA 2006 - Kerberos Authentication Issues
OK - suggested resolution from the MS team is as follows:
Go to the user/service account that you have set to run the IIS app pool and delegate it for any auth protocol with the SPN cifs/(file server).
Keith
Random Solutions
Unable to find control
smartheap error
Access 2007 - Query - String Manipulation - I need to cut delete the first two Characters in a Field based on criteria
Visual Studio 2008; Website project; bin folder now showing?
Form Design in Access 2007
Formula " “=SUMPRODUCT” fully function
excel rows get cut off
auto log off and close forms if idle problem
Access VBA Code with Excel Object Save As just started generating the Automation Error - The server threw an exception.
Access Runtime Error