In a AD Multi Domain environment, I've found that even after following the guidance from Microsoft regarding delegating permissions to the relevant web application folders (found here) I've still encountered prompts for credentials when accessing the web based Application catalogue which is by default http://servername.domain.com/CMApplicationCatalog.
Based on some research and also backed up by Chris Bradford's blog post, it appears that the problem can be caused by the 'Add default Application Catalog website to Internet Explorer trusted sites zone' option in the SCCM Client Settings. I've found it best to set this to 'False' and fallback on our internal namespace being registered via other means in the correct IE Security Zone.
To ensure that the NTLM credentials are passed through when accessing internal namespace addressed resources either add your domain with a wildcard (*.domain.com) or your server name to your IE Intranet Zone. This can be done via manually or by script but certainly appears to produce better results than using the SCCM Client option.
No comments:
Post a Comment