Hi Team,
I am configuring sharepoint authentication using kerberose in IIS. but getting unauthorized access.
I have used below articles:
https://vivekmalviya.home.blog/2019/03/21/part1-explaining-integrated-windows-authentication-in-sharepoint-and-how-ntlm-fails-but-kerberos-works-in-double-hop-authentication-2/
https://vivekmalviya.home.blog/2019/03/21/part2-step-by-step-guide-for-configuring-kerberos-authentication-for-sharepoint-webapplication/#:~:text=Go%20to%20IIS%20manager%3E%20Sites,Negotiate%20and%20NTLM%20are%20listed
https://vivekmalviya.home.blog/2019/03/21/part3-troubleshooting-kerberos-authentication-and-things-to-check-when-it-fails/
but still it is same error.
even I used debug tool, mentioned in url article.
https://learn.microsoft.com/en-us/archive/blogs/surajdixit/kerberos-configuration-manager-for-internet-information-services-server
tool name = KerberosConfigMgrIIS.exe
logs from above tool :
Review
===================
Selected Site : SharePoint27993
Sitename : SharePoint27993
Application Pool : SharePoint - 27993
Anonymous authentication is enabled...(NOT RECOMMENDED)
Basic authentication is disabled...(RECOMMENDED)
Digest authentication is disabled...(RECOMMENDED)
ASP.NET Impersonation is enabled...(NOT RECOMMENDED)
Windows authentication is enabled...(RECOMMENDED)
Negotiate is on priority...(RECOMMENDED)
You are using a custom identity : <domain>\Administrator...
We should have useAppPoolCredentials set to true...
useAppPoolCredentials set to false..(NOT RECOMMENDED)
useKernelMode set to false..(NOT RECOMMENDED)
==================================================
Fetching SPNs for the account set for Application pool identity..
Below are the SPNs set for the Custom account: <domain>\Administrator
==================================================
No SPNs set for this account
==================================================
The hostname you entered is : sponprem2019
SPNs needed for kerberos to work:
==================================================
HTTP/sponprem2019
HTTP/sponprem2019.<domain>.onmicrosoft.com
SPNs should be on account:<domain>\Administrator
====================================================
-----------------
configuration
-----------------
Configure
===================
Selected Site : SharePoint27993
Sitename : SharePoint27993
Application Pool : SharePoint - 27993
Anonymous authentication is disabled..(MODIFIED)
Basic authentication is already disabled...(NOT MODIFIED)
Digest authentication is already disabled...(NOT MODIFIED)
ASP.NET Impersonation is disabled..(MODIFIED)
Windows authentication is already enabled...(NOT MODIFIED)
Negotiate is on top priority...
You are using a custom identity : <domain>\Administrator..
Setting useAppPoolCredentials to true..
useAppPoolCredentials set to true..(MODIFIED)
Setting useKernelMode to true..
useKernelMode set to true..(MODIFIED)
==================================================
Fetching SPNs for the account set for Application pool identity..
Below are the SPNs set for the Custom account: <domain>\Administrator
==================================================
No SPNs set for this account
==================================================
The hostname you entered is : sponprem2019
SPNs needed for kerberos to work:
==================================================
HTTP/sponprem2019
HTTP/sponprem2019.<domain>.onmicrosoft.com
SPNs should be on account:<domain>\Administrator
==================================================
==>You can generate cmdlet to set SPNs for application pool user on DC
==>Click the below button to save the cmdlet to current directory.
==================================================
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 39%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
