Machine not requesting kerberos ticket for Sharepoint site (IE, Chrome, Edge), Firefox gets ticket RRS feed

  • Question

  • We have something very strange going on with one of our brand new images for a laptop that is issued in the company. We have narrowed it down to the specific computer (and image), as there is nothing wrong with getting kerberos tickets on any other machines (other than this specific image).

    This specific machine is getting a kerberos ticket for our on-prem Exchange webmail (OWA). However, when going to our Sharepoint site, when doing a klist, there is no ticket at all.
    To make sure it was not the user, we had them log in using a different computer and it does retrieve their kerberos ticket. I logged into the broken machine as myself, and I also do not get a kerberos ticket.

    It doesn't make sense why the machine will get the webmail OWA kerberos ticket for our on-prem Exchange server in Chrome, IE, Edge, but not for Sharepoint.

    We've also tried resetting all IE Internet Options settings to the default. We've compared the Local Intranet settings, made sure that our domain is in the Allowed Sites for our Local Intranet. Using Edge, Chrome, or IE, the 400 login box pops up.

    In Firefox if we add our domain to the trustedURIs, it does get a kerberos ticket, but that ticket only seems to work in Firefox only. Using IE, Chrome, or Edge, still comes up with the 400 auth login box prompt.

    We've tried using Fiddler and Wireshark to look at the requests, and not seeing any going to our domain controller to grab the ticket when using IE, Edge, or Chrome.

    Is there something else that could be preventing this?

    • Edited by jrmoat Wednesday, February 28, 2018 5:41 PM
    Wednesday, February 28, 2018 5:36 PM


All replies