Delegation and IIS service account

Delegation and IIS service account

am 16.03.2006 14:46:18 von TTyrone

Hello;

I'm trying to set up a web app that accesses a SQL database on a second
server. I want to use integrated security and have set the computer account
as trusted for delegation. I know I need to use setspn to tell Active
Directory that there is an authorized instance of a service of class
"MSSQLSvc" listening on port 1433 on computer FQDN running as service account
in my domain. My question deals with the IIS setup.

Does the World Wide Web Publishing Service need to be running under a domain
user account for this, or is having the web server trusted for delegation
enough?

Thanks;
T.

RE: Delegation and IIS service account

am 17.03.2006 14:22:27 von TTyrone

Nevermind, figured it out...

"T. Tyrone" wrote:

> Hello;
>
> I'm trying to set up a web app that accesses a SQL database on a second
> server. I want to use integrated security and have set the computer account
> as trusted for delegation. I know I need to use setspn to tell Active
> Directory that there is an authorized instance of a service of class
> "MSSQLSvc" listening on port 1433 on computer FQDN running as service account
> in my domain. My question deals with the IIS setup.
>
> Does the World Wide Web Publishing Service need to be running under a domain
> user account for this, or is having the web server trusted for delegation
> enough?
>
> Thanks;
> T.

Re: Delegation and IIS service account

am 23.03.2006 04:39:59 von Ken Schaefer

FWIW: WWW Publishing Service is only supported when running as LocalSystem.
It is not supported using a domain account to run WWW Publishing Service.

Cheers
Ken

"T. Tyrone" wrote in message
news:9B28BA40-8A12-4533-9F71-5C49E1295668@microsoft.com...
: Nevermind, figured it out...
:
: "T. Tyrone" wrote:
:
: > Hello;
: >
: > I'm trying to set up a web app that accesses a SQL database on a second
: > server. I want to use integrated security and have set the computer
account
: > as trusted for delegation. I know I need to use setspn to tell Active
: > Directory that there is an authorized instance of a service of class
: > "MSSQLSvc" listening on port 1433 on computer FQDN running as service
account
: > in my domain. My question deals with the IIS setup.
: >
: > Does the World Wide Web Publishing Service need to be running under a
domain
: > user account for this, or is having the web server trusted for
delegation
: > enough?
: >
: > Thanks;
: > T.