Same Host Header / SPN

In this setup, the IIS website is running on both back-end servers under an application pool with the same application pool identity (Service User). This requires the following configuration:

Requirements

Component
Requirement
Comments
Back-end configuration
  • Both back-end servers run the web application with the same binding (they expect the same host header).
  • The same service user is configured in the application pool identity on both back-end servers.
Active Directory configuration
  • The SPN is registered to the application pool identity
  • The Kerberos System User is permitted to request Kerberos tickets for this SPN.
Airlock Gateway configuration
  • The Request Action (default) Translate Host Header is disabled. Possibly a Custom Translate Host Header Action is configured with a static value.
  • Both back-end servers are configured in the same Back-end Group.