
Thread: KCD not working


  1. #1
    Join Date
    Sep 2017

    KCD not working

    Hi there,

    I'm trying to get KCD to work but without success.

    What I did so far:

    - Joined the AG to the domain, and added the target service to the "Delegation" tab of AD (say HTTP service.domain.local)
    - Published the target service by using the connect host headers. Service has SPN HTTP/service.domain.local, so I set the host header to service.domain.local
    - Added an identity injection policy of type "Inject Kerberos Ticket". Changed the username of the policy to "my.username" (to make it easy I set the value as a string constant), and domain to "domain.local". Target Host is "Select from Request".

    I'm sure my Kerberos infra is working properly because I can do KCD with my TMG to the same service.

    Now, when I access the site I can see some TGS-REQ and TGS-REP, and AS-REQ messages to my Kerberos KDC.
    I can also see "my.username" being logged on to the AG, under the Windows event log (event id 4648), but the "Target Server Name" is shown as localhost.
    The target site still asks for credentials (actually, it shows the authentication dialog but does not accept credentials anymore).

    Any idea what can be the problem?
    Does anyone have KCD working?

    Last edited by rjtd; 04-Oct-2017 at 08:04 PM.
