In my site I have one folder that does not allow anonymous access. It is set up to use Integrated Windows Authentication as it is on an AD domain. The login works fine in Firefox, Chrome, even Safari, but not IE8. Has anyone encountered this before? I can’t seem to find anyone else with a similar issue, except for where the login fails in all browsers of course.
Best Answer
Chances are this is due to a broken SPN somewhere.
I suspect that the non-Microsoft browsers don’t do Kerberos (or at least, don’t do it in the same way as IE does).
This means that IE might be attempting a Kerberos logon, where the others might well be using NTLM.
If an SPN exists for http/www.example.com or host/www.example.com, and it isn’t owned by the account that runs the Application Pool, that’d be a good reason for this type of break.
On Windows 2008 or later:
SETSPN -X will check for duplicates; SETSPN -Q http/www.example.com will look for owners of that specific SPN.
Fix your SPN problem, and you’ll probably fix IE logons being broken.
Other guidance might tell you to disable Integrated Windows Authentication in IE Advanced properties; that’s a boneheaded move which breaks Kerberos for everything and covers up the problem.
