Ok, so only NTLM Authentication Provider works. Here is a short description. Set up 3 test environments in a vmware infrastructure. Test, Acceptance, Live or Production. Test and Acceptance have worked perfectly.
Server is Win2012 - brand new everything.
Anonymous Users set to ?
Domain Users authenticate with Negotiate then NTLM.
Chrome has been helpful in testing this since Chrome defaults to the highest Authentication Provider available.
Guess what? Live / Production system is broken. Same SPN registration pattern, same deployment patterns. Enabled just NTLM and test it works fine. Enabled just Negotiate and it breaks.
Every single time Negotiatefails. Repeat.
Every single time Negotiatefails.
Every single time Negotiatefails.
Every single time Negotiatefails.
Why is Kerberos broken?
So, the IT team has looked at the box and gave up. The response was, "Yeah, we have a script that can fix that, but everytime a website gets added, we have to rerun the script--it's just easier to reinstall the Operating System , IIS, everything"
Has anybody encountered this??? ever?? in all of IIS history? Is there an error log during initial installation that is logging errors, and nobody just knows about these errors?
Luke