General, Hits: 567, Comments: 0, Bookmarked: 0, Followers: 1
When deploying Geodatafy in an environment where Kerberos is the preferred authentication protocol that simply changing the Windows IIS server settings is not enough.
If a standard installation of Geodatafy in this type of environment causes multiple prompts for user credentials then re-creating the Geodatafy site maybe the answer.
This sequence is assuming this is a clean new installation and if not you have a backup of your Geodatafy data and configuration.
Stop your running instance of Geodatafy (both Application Pool and Site)
Delete both Site then Pool
Create a new Site called "Geodatafy"
Bind to port *:80
Accept default options
Select the Application Pools > Geodatafy
Open Advanced Settings from the right hand pane and scroll down to Identity (under Process Model)
Change the value from Default ApplicationPoolIdentity and set this to your Geodatafy Windows account details
i.e <domain><username>
Click OK and restart the Application Pool
Click on the Geodatafy site then click Authentication.
Disable Anonymous Authentication
Enable Windows Integrated Authenticated > now click Providers from the right hand pane, remove the Default options (Negotiate & NTLM) and Add Negotiate-Kerberos
Click OK to close, Now click Advanced Settings from the right hand pane and make sure Enable Kernel-mode authentication is not enabled.
If changed click OK.
Restart the IIS site and test your access to the Geodatafy
When deploying Geodatafy in an environment where Kerberos is the preferred authentication protocol that simply changing the Windows IIS server settings is not enough.
If a standard installation of Geodatafy in this type of environment causes multiple prompts for user credentials then re-creating the Geodatafy site maybe the answer.
This sequence is assuming this is a clean new installation and if not you have a backup of your Geodatafy data and configuration.
Stop your running instance of Geodatafy (both Application Pool and Site)
Delete both Site then Pool
Create a new Site called "Geodatafy"
Bind to port *:80
Accept default options
Select the Application Pools > Geodatafy
Open Advanced Settings from the right hand pane and scroll down to Identity (under Process Model)
Change the value from Default ApplicationPoolIdentity and set this to your Geodatafy Windows account details
i.e <domain><username>
Click OK and restart the Application Pool
Click on the Geodatafy site then click Authentication.
Disable Anonymous Authentication
Enable Windows Integrated Authenticated > now click Providers from the right hand pane, remove the Default options (Negotiate & NTLM) and Add Negotiate-Kerberos
Click OK to close, Now click Advanced Settings from the right hand pane and make sure Enable Kernel-mode authentication is not enabled.
If changed click OK.
Restart the IIS site and test your access to the Geodatafy