Long title - but that says it all. Today I wasted a large chunk of time trying to figure out why I was getting a challenge dialog on my ASP.NET site. The site was configured to use an application pool that I made. The app pool was set to run as a domain account identity and the NTFS permissions on all of the folders looked fine...but I kept getting prompted to enter my user credentials. Buried in a sea of security event log entries were several kerberos errors. It turns out that on this server, kerberos was on by default.
The solution was to run a simple command line to force IIS to use NTLM:
adsutil.vbs set w3svc/3/NTAuthenticationProviders "NTLM"
http://support.microsoft.com/default.aspx?scid=kb;EN-US;871179
Hope this saves someone some time if you run into the same problem. :)
