1. Configure SPN for Web Application Pool Account
setspn.exe -A HTTP/’WebApplicationNETBIOSURL’ domain’ApplicationPoolAccount’
setspn.exe -A HTTP/’WebApplicationFQDNURL’ domain’ApplicationPoolAccount’
*Using Port numbers with kerberos causes authentication problems within IE, would always suggest using netbios orand FQDN, if your web application has been configured to use a port number suggest creating an Alternative access mapping.
2. Trust Computer and User for Delegation
AD Users and computers -> Properties of account – Make sure account is trusted and not sensitive
3. Enable Kerberos against the Web Application.
In Central Admin select Authentication Provider and then select Kerberos
For more information please see here:
http://support.microsoft.com/kb/953130
LS UPDATED: 11-Aug-09