Hi!

SPNego running fine. Now we have a second DNS A record for J2EE machine and configured a second virtual host for this. Accessing the portal with basic auhtentication is no problem. SPnego is only working with the original host. Of course we added an additional Service Principal Name with setspn to the service user.

Already checked the following:

- HTTP trace if Kerberos token is sent to J2ee --> OK

- Default Trace says "No authenticated user found" after searching for token in ThreadTokenCache --> ??

- used kerbtray to check if valid Kerberos ticket is in cache on the client machine --> OK

Do we need to export the keytab file again after setting a second SPN on the service user?

The DNS record for the second name is a new A Record. Should we use an DNS alias on the original host name?

Any help is welcome.

Regards,

Christian