Channel: Microsoft Identity Manager forum

FIM 2010 R2 SP1 and SSPR registration Kerberos authentication


Hi,

Some background:

We were running on FIM 2010 R2 with all the components running including SSPR from multiple clients excluding Windows 8.  Because FIM 2010 R2 SP1 provided support for Win 8 and some other fixes we upgraded the environment.  The solution runs on three servers as follows:

Server1 - FIM Sync and Sync DB

Server2 - FIM service DB

Server3 - FIM portal, password registration portal and reset portal

The operating system is Windows Server 2008 R2, with SQL Server 2008 R2 and SharePoint Foundation 2010.

I used a separate application pool account for the FIM portal and SSPR portals.

Kerberos authentication was configured.

After upgrading to FIM 2010 R2 SP1, the FIM portal worked after I had disabled the certificate validation check. The SSPR password registration portal failed for everybody. It was prompting for user name and password and failed anyway - even after providing correct credentials. I tracked it down to a problem with Kerberos authentication and, more specifically, found that if Kernel-mode authentication was enabled, the authentication failed (even with the SPNs on the proper account).

The only way to solve this was to disable Kernel-mode authentication and move the SPNs to the application pool account.

My questions are: is this supposed to be like this? And did anybody else experience the same issue?

Thanks

Johan Marais


JkM6228

