Hi All,
I have non-claims-aware web site hosted in IIS and configured for ONLY Windows Integrated Authentication. I'm attempting to publish the site externally using Azure Application proxy but am having issues.
I have successfully registered my connector in Azure and my app config looks fine to me:
My web site uses a host header so I have published an SPN into my local AD for the http service of the web server using the following:
setSPN -A http/hostheaderName webServerName
That SPN value matches what I have set up in the Azure portal and I can query the SPN successfully in my local AD using setSPN -L webserverName.
I have also added the SPN to the delegation of my connecter server in my local AD.
As far as I can see everything looks good but when I attempt to browse to the external URL I get a status of "Bad Gateway" and the following error from Azure AppProxy "Incorrect Kerberos constrained delegation configuration in your on-premises Active Directory."
Any ideas?