Using IE to Connect to a Keberos Enabled Non-Default Port SharePoint Site

So that title may be a bit to swallow…. Basically, Internet Explorer does not handle authenticating to a Kerberos enabled website running on a non-default port..

For example, I created the SharePoint central administration site on host computer MOSS (port 1000) to use Kerberos authentication. I add the service principle name (HTTP/MOSS:1000, HTTP/MOSS.domainname:1000), required for Kerberos authentication, to the central administration site’s application pool account in Active Directory. When I attempt to browse to the central admin site from another computer in the domain (my host running ie 8) I get an unauthorized message after several failed attempts to login to the site with the farm administrator’s credentials. If you go back to the the central admin site’s host (MOSS2007) and tweak the local security policy to audit failed logins then you should see Kerberos 529 events in the security log (if you attempt to reach the page again).

The solution is in KB908209. The kb title is a bit misleading since it only states the issue existing in ie6, but in fine print it states Note: If you are using Windows Internet Explorer 7 or Windows Internet Explorer 8, you may still run into this problem. However, to resolve the problem, you do not need to install a software update. Instead, follow the instructions in the ” section to add a registry key. I added the recommended registry key at the end and can successfully browse to the central admin site from my windows 7/ie8 host.

Related posts: