Problem configuring kerberos delegation on a windows 2003 domain
Lima Valdes Emil
elima at monterrey-newyorklife.com.mx
Fri Feb 29 13:38:05 EST 2008
Hi all,
I´ve been trying to configure Kerberos delegation on a Windows 2003 domain but I haven't got any good result yet. I followed a Microsoft Document on [1] to configure Kerberos in order to build a .NET 2.0 SOA solution. The following is the Kerberos trace when I try to access page A in a scenario like this:
IE -----> Page_A.aspx ----> Service_A.asmx
WebApp on IIS WebService on IIS
Server A The same server A
App pool on domain App pool on domain
account A account B
Kerberos trace:
---------------
500.652> Kerb-Bnd: Calling kdc 129.170.140.8 for realm SMNYL.COM.MX
500.652> Kerb-Warn: KerbGetTgsTicket failed to unpack KDC reply: 0x3c
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: KerbGetTgsTicket KerbCallKdc: error 0x7
500.652> Kerb-Warn: Failed to get TGS ticket for service 0xc000018b :
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: d:\nt\ds\security\protocols\kerberos\client2\kerbtick.cxx, line 3833
500.652> Kerb-SPN: KerbInsertSpnCacheEntry spn cache disabled
500.652> Kerb-Warn: TARGET_UNKNOWN for SMNYL.COM.MX\account_a LogonId 0:0xfbc9, target HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: SpInitLsaModeContext failed to get outbound ticket, KerbGetServiceTicket failed with 0xc000018b
---------------
ASP.NET error
---------------
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: WSE594: InitializeSecurityContext call failed with the following error message: The network path was not found.
----------------
Regards,
Emil.
[1] http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx
More information about the Kerberos
mailing list