Kerberos Constrained Delegation (KCD) or as I like to call it, less funthan chewing glass.

In my last post I briefly mentioned some issues I was having when attempting to configure SSRS and SharePoint for SSO by means of a ForeFront Threat Management Gateway. Well, after a few days of phone tag with Microsoft, and countless hours spent troubleshooting the Kerberos delegation chain, we finally found the solution. According to best practices it is highly recommended that if using Kerberobs with SSO via TMG, you only grant the TMG delegation rights to the required backend servers/services in AD. This would help stem the fallout should the TMG be compromised and start wreaking havoc upon…

Read More