I'm pulling my hair trying to figure this out.
We have 2 non-trusted domains in our environment, with our userbase on one domain and our customers on the other. We have a customer intranet site that our customers and our own employees access on this customer network/domain. There are firewall rules in place to allow HTTP communication between the 2 domains/networks.
I'm trying to move the Intranet site from Solaris to IIS and have configured the landing page of the site on a new IIS web server, with the rest of the content in Virtual Directories that I am accessing via UNC path. We have a strict password policy that changes quite often, so I do not want to use the physical path credentials option since it is impractical. I'd much rather update the password on the Application Pool each time we have a change. I created a new Application Pool for the site and made it a domain account that has access to the File Share content. I'm using Windows Authentication, disabled Anonymous and have removed NTLM from the picture, since I am sure it's a Kerberos issue.
I have configured the SPNs and have configured both the webserver and access account for unconstrained delegation. HOST SPNs for the File Server (it's a NETAPP) are present as well.
I keep getting presented with a username/password challenge no matter what I do. I change the Physical Path Credentials to the same user account and I have access as expected.
It should be forwarding the tickets along, but it isn't working. Need some assistance!
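A read-only check of the pieces the post describes (app pool service account, SPNs, delegation flags, file server HOST SPNs, and the site's Windows Authentication settings), added here as an example and not part of the original question. The account, server, site and pool names are placeholders to substitute; it assumes the RSAT ActiveDirectory module and the IIS WebAdministration module are available on the web server.

```powershell
# Added diagnostic script, not from the original post. All names below are
# assumed placeholders; replace them with the real ones before running.
$AppPoolSam  = 'svc-intranet'          # sAMAccountName of the app pool identity
$WebServer   = 'custweb01'             # IIS host computer object
$FileServer  = 'custnetapp01'          # NetApp CIFS server computer object
$SiteName    = 'CustomerIntranet'      # IIS site name
$AppPoolName = 'CustomerIntranetPool'  # IIS application pool name

Import-Module ActiveDirectory
Import-Module WebAdministration

# 1. The service account: HTTP/<host> SPNs and the unconstrained delegation flag.
$acct = Get-ADUser -Identity $AppPoolSam -Properties ServicePrincipalName, TrustedForDelegation
"--- Service account $AppPoolSam ---"
"SPNs:"; $acct.ServicePrincipalName
"TrustedForDelegation (unconstrained): $($acct.TrustedForDelegation)"

# 2. The web server computer object, same checks.
$web = Get-ADComputer -Identity $WebServer -Properties ServicePrincipalName, TrustedForDelegation
"--- Web server $WebServer ---"
"SPNs:"; $web.ServicePrincipalName
"TrustedForDelegation (unconstrained): $($web.TrustedForDelegation)"

# 3. The file server: the HOST/ and cifs/ SPNs a UNC access needs a ticket for.
$fs = Get-ADComputer -Identity $FileServer -Properties ServicePrincipalName
"--- File server $FileServer HOST/cifs SPNs ---"
$fs.ServicePrincipalName | Where-Object { $_ -match '^(HOST|cifs)/' }

# 4. Duplicate SPNs anywhere in the forest. A duplicate HTTP SPN makes the KDC
#    unable to issue a usable ticket, which surfaces as a credential prompt.
"--- Duplicate SPN scan (forest-wide) ---"
setspn -X -F

# 5. IIS side: which identity the pool runs as, and how Windows Authentication
#    is configured for the site (provider list should show Negotiate, no NTLM).
$pool = Get-ItemProperty "IIS:\AppPools\$AppPoolName" -Name processModel
"--- App pool $AppPoolName identity: $($pool.identityType) $($pool.userName)"
$waPath = 'system.webServer/security/authentication/windowsAuthentication'
Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" -Filter $waPath |
    Select-Object enabled, useKernelMode, useAppPoolCredentials
"--- Providers ---"
(Get-WebConfiguration -PSPath "IIS:\Sites\$SiteName" -Filter "$waPath/providers").Collection |
    Select-Object value
```

Run it in an elevated PowerShell session on the IIS server as a domain user allowed to read the directory; it changes nothing, so the output can be compared line by line against what the post says was configured.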