How are we supposed to configure kerberos for the SharePoint apps?
I have an environment set up with three web applications using host headers on port 80:
- http://intranet.mycorp
- http://teams.mycorp
- http://mysites.mycorp
DNS entries all point to my web front end server, and I have configured SPN's appropriately and set everything up so that at Kerberos authentication is all working.
We are now developing SharePoint 2013 apps and wanting to deploy them to our environment. We have a further wildcard DNS entry *.mycorpapps pointing also to the WFE server. This is set as the app domain in central administration.
The apps install, but when we then go to view the app we are prompted for credentials. Should I be setting a wildcard SPN (is that possible)?
Something like: SETSPN -A HTTP/*.mycorpapps mydomain\app-pool-service-account
Also, because we are using host-headers on port 80, I had to setup a web application (with a blank team site) on port 80 with no host header, to even get IIS to respond to requests for SharePoint apps. Is this where we should instead be using host-named site collections?
Thanks for any help,
Richard
