Skip Navigation

Find the
application pool identity and port

Make sure that you create a list of web applications that are going to be shared through the
  1. Open
    Internet Information Services (IIS) Manager.
    Make sure that you record any additional port numbers that are assigned if a web application was extended to create alternate access mappings.
  2. Find the Application Pool identity in the
    Application Pools
    list view or in
    SharePoint Central Administration > Security > Configure service accounts
    In most instances, for Kerberos constrained delegation (KCD) to work properly, the application pool identity user must be the same for all application pools whose applications will be accessed by the
    service. This means you cannot have different application pools running under different users.
  3. In
    SharePoint Central Administration
    , on the
    Web Applications
    tab, find the port for each of the web applications listed. Look in the
    Alternate Access Mappings
    view as necessary.
  4. In the
    Sharepoint Central Administration
    , open the
    Application Management
    , choose the web application and click
    Authentication Providers
    in the ribbon bar. Make sure that the authentication type for each web application is set to
    and that
    Negotiate (Kerberos)
    is enabled under
    IIS Authentication Settings
    In certain scenarios, switching to Negotiate (Kerberos) might require enabling Kernel-mode authentication in IIS for the corresponding IIS site. For more information, visit the MSDN Library to see Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5.