Troubleshooting

This is a step-by-step guide an Q&A on troubleshooting Negotiate authentication.

Browser Configuration

Make sure the browser is configured to support Negotiage. See: Configuring Browsers (IE/Firefox)

Troubleshooting Kerberos

Typical configurations to check are:

1. The application is running as a service
2. The service is running as a user on the same domain as the machine accessible via webserver as virtual-host
3. The user has privileges for Kerberos delegation

To check the current privileges, run:

setspn -L username

To add privileges for the current user, run

setspn -A PROTOCOL/machine:port username
setspn -A PROTOCOL/virtual-host:port username

Useful Troubleshooting Resources:

• Enabling Kerberos Logging
• Troubleshooting Kerberos Delegation (Word Document, 1.5M, Microsoft Corporation, March 2004)

Troubleshooting NTLM

• Enabling NTLM Logging

Troubleshooting WAFFLE

• See Frequently Asked Questions.

Still Need Help?

With new versions of Internet Explorer, Firefox or Chrome, use developer tools.

With older versions of Internet Explorer, trace the HTTP request/response.

1. Download and install IEHttpHeaders.
2. Choose Tools, Display IEHttpHeaders.
3. Make one request that ends up in a popup or failure.
4. Copy the entire HTTP conversation.

Post the http conversation with your question to the Waffle Users Google Group.