Steps To Setup Kerberos For Windows Authentication

Steps To Setup Kerberos For Windows Authentication

  • Open Command prompt in Administrator mode.
  • Execute the following command on it to add Service Principal Name (SPN) for the account
    • setspn -a HTTP/## Server FQDN ## ## Domain Service Account ## Example: C:\Users\Administrator> setspn -A HTTP/mini.example.com gpadmin
      Note: "mini.exmaple.com" here is FQDN. Make sure it's resolvable on the Windows server running AD service.
  • Open Active Directory Users and Computers.
  • Search for the service account which was used to create the Service Principal Name (SPN).
  • Navigate to the Delegation tab.
  • Select Trust this user for delegation to any service (Kerberos only).
    • kerberos windows-1
  • Click Apply.
  • Open up IIS Manager.
  • Select the site which you want to apply Windows Authentication to.
  • Select the Application Pool for that website. Right click on it and select Advanced Settings.
    • kerberos windows-2
  • Use Custom Account and set the account as the service account for which delegation was enabled. You would need to enter the password of the service account as well.
    • kerberos windows-3
  • Navigate to the Authentication section for the website.
    • kerberos windows-4
  • Enable Windows Authentication and disable Anonymous Authentication.(Both cannot work simultaneously)
    • kerberos windows-5
  • Go to the Configuration Editor.
    • kerberos windows-6
    • Search for: system.webServer/security/authentication/windowsAuthentication
      kerberos windows-7
  • Set useKernelMode as False and useAppPoolCredentials as True in the Configuration editor.
  • Click Apply.
  • Restart IIS server.
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com