This article describes how to set up Kerberos for your SharePoint web application. We assume that Kerberos is correctly configured on the SQL side: the SQL service runs under an Active Directory account and the associated SPN is configured.
To create and configure a web application with Kerberos, follow these steps:
- Create an Active Directory user account to run the IIS application pool.
- Set the SPN on this account.
- Trust Kerberos delegation on this account.
- Grant the "Local and Remote Activation" rights to the application pool account on the following DCOM object: IIS WAMREG admin Service (on all web front end servers).
- Add the application pool account to the User Rights Assignment "Act as part of the operating system" (on all web front end servers).
- Create the web application with a host header and select Kerberos as the authentication method. Run the application pool with the application pool account created earlier.
- Edit the applicationHost.config file on all web front end servers: locate the tag <location path="name of your site">, then locate <windowsAuthentication ...> and modify this tag as follows: <windowsAuthentication .... useAppPoolCredentials="true" useKernelMode="true">
- You are done.
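
The SPN, delegation and applicationHost.config steps above, scripted in PowerShell with a verification pass, as an added example that is not part of the original article. The domain, account, host header and IIS site name are placeholders, and the ActiveDirectory and WebAdministration modules are assumed to be installed.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the article.
$Domain     = 'CONTOSO'                 # placeholder AD domain
$PoolUser   = 'svc-spapppool'           # placeholder application pool account
$HostHeader = 'portal.contoso.local'    # placeholder host header of the web application
$SiteName   = 'SharePoint - portal'     # placeholder IIS site name (the <location path="...">)

# Set the SPN on the application pool account.
# -S searches the forest for an existing copy first; a duplicate SPN makes
# Kerberos fail and clients silently fall back to NTLM.
setspn -S "HTTP/$HostHeader" "$Domain\$PoolUser"

# Trust the account for delegation (run where the ActiveDirectory module is available).
# This is the "trust for delegation to any service" setting on the account.
Import-Module ActiveDirectory
Set-ADAccountControl -Identity $PoolUser -TrustedForDelegation $true

# Set the windowsAuthentication attributes in applicationHost.config.
# Run this part on every web front end server.
Import-Module WebAdministration
$apphost = 'MACHINE/WEBROOT/APPHOST'
$filter  = 'system.webServer/security/authentication/windowsAuthentication'
foreach ($attr in 'useAppPoolCredentials', 'useKernelMode') {
    Set-WebConfigurationProperty -PSPath $apphost -Location $SiteName `
        -Filter $filter -Name $attr -Value $true
}

# Verification 1: the SPN is registered on the pool account and nowhere else.
setspn -L "$Domain\$PoolUser"           # SPNs held by the account
setspn -Q "HTTP/$HostHeader"            # which account(s) hold this SPN

# Verification 2: the delegation flag is set on the account.
Get-ADUser -Identity $PoolUser -Properties TrustedForDelegation |
    Select-Object SamAccountName, TrustedForDelegation

# Verification 3: both attributes read back as True on this server.
foreach ($attr in 'useAppPoolCredentials', 'useKernelMode') {
    $value = (Get-WebConfigurationProperty -PSPath $apphost -Location $SiteName `
        -Filter $filter -Name $attr).Value
    '{0} = {1}' -f $attr, $value
}

# Verification 4 (on a client, after browsing to the site): a service ticket
# for HTTP/<host header> in the output means Kerberos was used, not NTLM.
klist
```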