Configuration checklist
Here's a quick checklist of the items that need to be in place for KCD to function properly:
- On the Active Directory Server:
- AD account representing the NetScaler as a system User that can obtain tickets for other users
- Keytab for this NetScaler User
- Constrained delegation enabled for the NetScaler system account
- List of resources that the end User can delegate to NetScaler for authentication
- On the Web Server:
- Kerberos enabled on the site
- Best practice is to have NTLM enabled as fallback
- On the NetScaler:
- Authentication on the LB VIP. The server is added on the NetScaler with its domain/hostname – this is very important. The domain controller should also be able to resolve the hostname correctly:
- Authentication vServer with authentication ...
Get Troubleshooting NetScaler now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.