Windows 2008 SP2 - Certificate Authority Windows 7 SP1 client --------- Authentication on the certsrv directory is: Anon Authentication - Disabled Windows Authentication - Enabled On the client side, Internet Options | Advanced | Enable Integrated Windows Authentication is enabled. It was from the start and I've restarted IE 8 once anyway for good measure. So I go the the following URL: http://ca2.mynet.int/certsrv and I'm prompted for credentials. Yes! If I enter them, I can proceed to the cert request website. Yes, this machine is a domain member (Computer properties shows: Domain: mynet.int) nltest /sc_query:mynet.int and nltest /sc_verify:mynet.int both show that the secure channel / trust between client and domain is working. So why isn't integrated windows authentication working? Shouldn't it allow me to access the website in question using the credentials the user entered to log on initially? Without having to enter them (again) explicitly when accessing the website?Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

Integrated authentication is enabled in Local Intranet zone only (by default). You need to add your web site to Local Intranet zone.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Yes, that seems to work! Tried it with two users: 2/2 Not sure why the site is not detected as being on the local intranet zone automatically since "Automatically detect intranet network" is checked in Internet Options | Tools | Security However, if I proceed to "Advanced" and add the site manually, yes, that does eliminate the prompt which was my objective.Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.