- You publish a web server and authenticate all requests in a Microsoft Forefront Threat Management Gateway 2010 environment.
- You set Authentication delegation to Kerberos constrained delegation (KCD).
- You set the Const SE_VPS_VALUE property to 2 to use the fully qualified domain name (FQDN) in the Kerberos ticket as described in the following article:960146 An update is available for ISA Server 2006 to control the domain name and user name format in Kerberos Constrained Delegation scenarios
However, when the Const SE_VPS_VALUE property is set to 2, the FQDN is used for the domain name format. This does not work for users whose name part before the @ sign for the Security Accounts Manager (SAM) account differs from the user principal name (UPN) authentication account.
For example, authentication is successful when SAM and UPN match as follows:
Id. de artículo: 2783332 - Última revisión: 10 ene. 2013 - Revisión: 1