Publishing MOSS 2007 with KCD via IAG SP2: How to enable SPNEGO in MOSS? RRS feed

  • Question

  • Hi,

    I have a MOSS server with one zone enabled for Negotiate/Kerberos. This zone uses AAM and it is published through IAG (SP2) trunk that has Kerberos enabled. To my knowledge, all the SPN and delegation setting should be in place at AD, but IAG replies immediately 'Your are not authorized to login..' after a login attempt.

    At IAG UrlFilter-log and network monitor-log it is shown that Kerberos-handling is working, but when IAG send HTTP/SPNEGO-request to SharePoint it receives only 302-response and logs "Authentication headers processing halted, no rule allows 401 negotiation with server.".

    I experimented with IAG's registry option 'KCDUseKerberosSSN = 1', and after that Kerberos handling goes through. Is this a normal set up for IAG with KCD/SharePoint 2007 publishing? I have been under the impression that MOSS 2007 supports SPNEGO, does it not? Or is this a symptom of having SPN/delegation setting wrong, after all?



    Monday, June 28, 2010 12:18 PM


  • Hi Jari,

    I'm marking this question as Answered, even though it hasn't been. Your questions has been on the forum for a while, but it appears no one has been able to answer it. You may get better results if you re-submit it a little later, as a new question.

    Good luck,


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, July 26, 2010 9:13 PM
    Monday, July 26, 2010 9:13 PM