Hi all,

Ive been trying to configure Kerberos delegation on a Windows 2003 domain but I haven't got any good result yet. I followed a Microsoft Document on [1] to configure Kerberos in order to build a .NET 2.0 SOA solution. The following is the Kerberos trace when I try to access page A in a scenario like this:

IE -----> Page_A.aspx ----> Service_A.asmx
WebApp on IIS WebService on IIS
Server A The same server A
App pool on domain App pool on domain
account A account B

Kerberos trace:

500.652> Kerb-Bnd: Calling kdc for realm SMNYL.COM.MX
500.652> Kerb-Warn: KerbGetTgsTicket failed to unpack KDC reply: 0x3c
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: KerbGetTgsTicket KerbCallKdc: error 0x7
500.652> Kerb-Warn: Failed to get TGS ticket for service 0xc000018b :
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: d:\nt\ds\security\protocols\kerberos\client2\kerbt ick.cxx, line 3833
500.652> Kerb-SPN: KerbInsertSpnCacheEntry spn cache disabled
500.652> Kerb-Warn: TARGET_UNKNOWN for SMNYL.COM.MX\account_a LogonId 0:0xfbc9, target HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: SpInitLsaModeContext failed to get outbound ticket, KerbGetServiceTicket failed with 0xc000018b


ASP.NET error
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: WSE594: InitializeSecurityContext call failed with the following error message: The network path was not found.


[1] http://www.microsoft.com/technet/pro.../tkerbdel.mspx