I have a very basic setup in a lab. I have a Win2003 AD server, a Win2003
server running IIS, and a winXP laptop. They are all in the same domain.
I would like to get a user accessing IIS to use Kerberos authentication and
not get prompted for a username and password.
The IIS server has joined the domain and in AD, I have the checkbox for
trusted delegation.
In IIS, I have unchecked the "Allow anonymous logins" under the
Authentication section.
I have not set any SPNs manually.
The hostname of the AD server is "ADbox"; the hostname of the IIS server is
"iisbox".
The domain is "demo.com". On the AD server, I added the DNS name
iisbox.demo.com to point to the IIS server.
On the laptop, in IE6, I'm putting the following URLs and get the following
results:
http://iisbox - works fine, not prompted for a username or password,
uses my domain credentials and allows me to the website directly.
http://iisbox.demo.com - works fine
https://iisbox - works fine
https://iisbox.demo.com - DOES NOT work.
I can't figure out why accessing the IIS server over SSL does not work only
when using the FQDN.
Does SSL with IIS use a different worker process that I need to register an
SPN with?
Any thoughts?