Steps To Setup Kerberos For Windows Authentication
Open Command prompt in Administrator mode.
Execute the following command on it to add Service Principal Name (SPN) for the account
setspn -a HTTP/## Server FQDN ## ## Domain Service Account ##
Example: C:\Users\Administrator> setspn -A HTTP/mini.example.com gpadmin Note: "mini.exmaple.com" here is FQDN. Make sure it's resolvable on the Windows server running AD service.
Open Active Directory Users and Computers.
Search for the service account which was used to create the Service Principal Name (SPN).
Navigate to the Delegation tab.
Select Trust this user for delegation to any service (Kerberos only).
Open up IIS Manager.
Select the site which you want to apply Windows Authentication to.
Select the Application Pool for that website. Right click on it and select Advanced Settings.
Use Custom Account and set the account as the service account for which delegation was enabled. You would need to enter the password of the service account as well.
Navigate to the Authentication section for the website.
Enable Windows Authentication and disable Anonymous Authentication.(Both cannot work simultaneously)
Set useKernelMode as False and useAppPoolCredentials as True in the Configuration editor.
Restart IIS server.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to firstname.lastname@example.org
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.