This article was previously published under Q321728
This article has been archived. It is offered "as is" and will no longer be updated.
You cannot use Kerberos to authenticate with a proxy server (for example, Internet Security and Acceleration Server 2000) in Internet Explorer.
This behavior occurs because Internet Explorer does not support Kerberos authentication with a proxy, and does not respond to a negotiate challenge from a proxy server.
This limitation was removed in Windows Internet Explorer 7.
If Integrated Windows Authentication is turned on in Internet Explorer for Windows 2000 and Windows XP, you can complete Kerberos authentication with Web servers either directly or through a proxy server. However, Internet Explorer cannot use Kerberos to authenticate with the proxy server itself.
NOTE: If Integrated Windows Authentication is turned on, Internet Explorer for Windows 2000 and Windows XP responds to a negotiate challenge and supports Kerberos authentication with Web servers. However, Internet Explorer for Windows 98, Windows 98 Second Edition, Windows Millennium Edition (Me), and Windows NT 4.0 cannot be configured to respond to a negotiate challenge. These versions of Internet Explorer default to NTLM (or Windows NT Challenge/Response) authentication even if the Enable Integrated Windows Authentication (requires restart) check box is selected because this feature is not available on these operating systems.
For additional information about how to turn on Integrated Windows Authentication in Internet Explorer 6.0, click the article number below to view the article in the Microsoft Knowledge Base:
299838 Unable to Negotiate Kerberos Authentication After Upgrading to Internet Explorer 6