July 16th, 2013, 02:09 PM
DelegConfig.v2.beta - Report.aspx responds with 401.2
My goal is to setup delegation between a WCF service and an asmx service hosted on separate servers, but in the same domain. My journey has taken me to discover the DelegConfig.v2.beta as well as this blog:
The biggest mistake: ServicePrincipalName’s
which helped me to understand what an SPN is.
After setting up the DelegConfig application in IIS I found that I can access the default.aspx page, but when I click on the Reports.aspx page it hangs forever with the text Please wait.... This is true in both internet explorer 10 and FireFox 21.0.
The following trace log was taken from a request made local to the site using internet explorer version 10.
IIS Failed Request Trace - Request made locally. I was not sure how best to post the information in the forum so I posted it in paste bin in raw XML. I noticed that some people have posted output from these trace logs in a nice formatted way, but I am not sure how to do that. The trace logs show several different views.
The following trace log was taken from a request made from another machine running in a different subnet to the site using internet explorer version 9:
IIS Failed Request Trace - Request from different subnet
Thank you to anyone that can help point me in the right direction. I have been trying to figure this out for a week now, so I really appreciate your time!
July 16th, 2013, 04:24 PM
This is just a quick update with something interesting that I discovered. In IIS, for the DelegConfig application, if I click the Authentication module-->Windows Authentication-->Advanced Settings... and then uncheck the Enable Kernel-mode authentication it will let me view the page. I can click on the Authentication module-->Windows Authentication-->Providers... and remove NTML so that only Negotiate is in the list and it still allows me to view the page. I am not prompted for credentials. If I look at the Failed Request log I can see two requests. The first has AuthTypeSupported NT. The second second has AuthTypeSupported Anonymous. So even though I can access the page this is not what I want. I want to have kerberose authentication so that my application can perform delegation. I just can't pin down what the issue is. Why won't it allow kerberose authentication :-(