http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspxIntroduction With companies working more and more to achieve scenarios of high availability, ISA Server 2006 Enterprise Edition Integrated NLB is becoming very popular. High availability is also complemented by the need to offer performance improvementen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3078419Thu, 26 Jun 2008 13:04:27 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3078419jason.jones<p>Great article chaps...very useful!</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3078442Thu, 26 Jun 2008 14:10:31 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3078442yuridio<p>Thanks Jason. It is always good to have a positive feedback from you.</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3078567Thu, 26 Jun 2008 17:30:45 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3078567Yuri Diogenes's Blog<p>Due lots of questions on this subject we just published a post on ISA Server Team Blog about this behavior.</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3095776Wed, 30 Jul 2008 17:09:09 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3095776Yuri Diogenes's Blog<p>Last two months for some reason were pretty busy of calls for ISA Server issues where customers were</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3198007Fri, 06 Feb 2009 13:17:42 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3198007jason.jones<p>Hi Yuri/Jim,</p> <p>So if we have a prefernce for using NLB without CARP (in order to have *proper* HA) is there a way to ensure Kerberos authentication can be used?</p> <p>From my understanding, we cannot assign the same SPN to both ISA server computer objects, yet we would need to use a generic alias of proxy.domain.com which maps to the NLB VIP.</p> <p>In an IIS world, we can get around this by assiging the SPN to a service account, but I don't think we can do this with ISA...</p> <p>Any ideas?</p> <p>Thanks</p> <p>JJ</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3198232Fri, 06 Feb 2009 21:39:27 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3198232Forefront TMG (ISA Server) Product Team Blog<p>Introduction Since the release of Windows Server 2008 Streaming Media Services , many ISA admins have</p> http://blogs.technet.com/isablog/archive/2008/06/26/understanding-by-design-behavior-of-isa-server-2006-using-kerberos-authentication-for-web-proxy-requests-on-isa-server-2006-with-nlb.aspx#3198244Fri, 06 Feb 2009 21:46:16 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3198244Forefront TMG (ISA Server) Product Team Blog<p>Introduction Since the release of Windows Server 2008 Streaming Media Services , many ISA admins have</p>