General, Hits: 161, Comments: 0, Bookmarked: 0, Followers: 1

 

 

When deploying Geodatafy in an environment where Kerberos is the preferred authentication protocol that simply changing the Windows IIS server settings is not enough.

If a standard installation of Geodatafy in this type of environment causes multiple prompts for user credentials then re-creating the Geodatafy site maybe the answer.

 

This sequence is assuming this is a clean new installation and if not you have a backup of your Geodatafy data and configuration.

Stop your running instance of Geodatafy (both Application Pool and Site)

Delete both Site then Pool

Create a new Site called "Geodatafy"

Bind to port *:80

Accept default options

Select the Application Pools > Geodatafy 

Open Advanced Settings from the right hand pane and scroll down to Identity (under Process Model) 

Change the value from Default ApplicationPoolIdentity and set this to your Geodatafy Windows account details 

i.e <domain><username>

Click OK and restart the Application Pool

Click on the Geodatafy site then click Authentication.

Disable Anonymous Authentication

Enable Windows Integrated Authenticated > now click Providers from the right hand pane, remove the Default options (Negotiate & NTLM) and Add Negotiate-Kerberos

 

 

Click OK to close,  Now click Advanced Settings from the right hand pane and make sure Enable Kernel-mode authentication is not enabled. 

 

 

If changed click OK.

 

Restart the IIS site and test your access to the Geodatafy

Last Modified: %PM, %01 %964 %2019


dave.b
%PM, %01 %943 %2019
0% of 0 votes