Kerberos fallback to NTLM

Scenario:  Case where NTLM is chosen instead of Kerberos as the authentication protocol and how SPNego Logging was used to trace the source of the problem.   Environment: Windows Server 2008 / IIS 7.0  /  SharePoint 2007  all running on the same server.   All the  App pools on IIS are running under the identity of…

3

Windows Server 2008 Domain Controllers fail NcSecDesc (Naming Context Security Descriptors) test when dcdiag is run

We are increasingly beginning to see customers calling us regarding the following error . I thought it would be best to blog it for benefit of others.   Scenario:   You have a minimum on one Windows 2008 Domain Controller deployed in a Windows 2003 Domain. When you run dcdiag on or against a Windows Server 2008 domain controller, the…

5