I came across a bizarre issue this week and thought it should be shared.
An existing server was running a web application on IIS 7, the virtual directory used Kerberos as the only authentication method. This had been working for server months without issue but then seemed to randomly stop authenticating the users. Both client and server logs (event viewer and IIS logs) were unusually quiet. After some serious head scratching I found this article that was very usefully as a sanity checker.
However after checking the SPNs and trusted delegation settings I did some further testing which pointed towards a client issue. Under advanced setting the option “Enable Intergrated Windows Authentication” had become unchecked. Checking this option enables Kerberos authentication at the client end, without it Kerberos authenticated websites will not work. Interestingly NTLM will work with this option disabled. It looks like this may have been caused by a Windows update but I can’t be sure.
Anyway I hope this helps anyone else scratching their heads 🙂 Happy troubleshooting!