Hello all. Thanks for taking a look at this...
To put it simply, kind of, I have a SharePoint 2010 farm with 1 web application (non-default port) using Kerberos authentication with 2 load-balanced web front end servers.
Example:
web01.domain.com:8090
web02.domain.com:8090
NLB = web.domain.com
The NLB is set up at web.domain.com (on port 80), as mentioned above, and directs traffic to either web server on port 8090.
Notes:
An SPN has been set up for the NLB URL with the web application's service account.
Delegation has been set up on the web app account and the web servers.
I am not using host headers for this web app.
I have set up the useapppoolcredentials instead of disabling kernel mode in IIS7 (tried it with it disabled too).
I tried this just in case: registered SPNs for both web servers, with and without port numbers, and with and without FQDNs.
The Problem
Kerberos authentication will not work when the NLB is set at port 80. If I set the NLB to match the web application port, 8090, Kerberos authentication works fine and all is well.
This may be an obvious issue, but I can't put my finger on what I am missing.
Simply put, I would just like to have the users type in web.domain.com (the NLB URL) instead of having to put in web.domain.com:8090, and be directed to the appropriate web server on the appropriate port (8090), and have Kerberos authentication function.
Any thoughts on this would be greatly appreciated!