I know that Kerberos delegation can be a pain in the A$$. One of the first steps is to see whether the user/administrator has registered a Service Principal Name (SPN). If he has and Kerberos delegation is still not working, check whether he has duplicate entries for that SPN. A quick and easy way is to use the following command:
- Click “Start”
- Click “Run”
- Type “CMD”
- Type “CD \”
- Type the following
ldifde -s <GC_Server_Name> -f c:\<My_SPN_Dump_File>.txt -d "" -r "(serviceprincipalname=host/<Machine_Name>)" -p subtree -t 3268 -l dn,serviceprincipalname
Replace the following with your environment's details:
- <GC_Server_Name>
- <My_SPN_Dump_File>
- <Machine_Name>
Happy hunting
Carlos