In one of the teams i’m working, we had an issue with double-hop.
When using NTLM and several servers need to be connected, this could be an issue.
Example: when you use 2 web front ends in combination with forms, everything is allright.
But, when the form uses webservices for collecting information, you could run into the double-hop problem.
Standard: NTLM will only authenticated between 2 computers, any extra computer will nog be authenticated to.
Within Sharepoint you can overcome this issue by implementing Kerberos or Single Sign ON.
Due to the nature of kerberos (delegation of control), we decided to go for Single Sign ON.
At this moment, single sign on works every now and then, but never without faults and never longer then 4 hours.
The configuration was cleared every 24 hours (!?)
During examining the logs and application log, a weird error caught our attention.
Some more investigating learned that these errors where created during single sign on configuration.
The error was related to localhost in combination with Alternate Access Mapping.
How is this possible ?
The name of out server was (fake name) : mossapp
we created AAM config lines pointing to mossapp. Everything is working as intended (including central administration)
All sites go to the right host(header).
But single sign on complains about not finding Localhost.
So we added localhost to the AAM pointing to mossapp.
And guess what : the errors where gone !
At this moment the configuration is no longer cleared, but unfortunately, single sign on is still not working as intended.
although, if it’s working, it works for at least 8 hours.
Anyone ideas about this issue ?