Hi,I initially posted this over on the IE8 beta newsgroup but was advised that it should posted here instead. The original post can be found here :http://www.microsoft.com/communities/newsgroups/list/en-us/default.aspx?dg=microsoft.public.internetexplorer.beta&tid=4937c7de-630d-482b-a2eb-3a40dd65b3ea&cat=&lang=&cr=&sloc=&p=1I'm using IE8 on Windows 7. I'm testing a web site which requires Kerberos authentication for delegation. The web site URL is registered as a CNAME in DNS and the SPN for the site reflects this CNAME. With IE7 on Vista SP1 the site works without any problems. With the IE8 beta in Windows 7 the site prompts for credentials and then fails authentication with a 401.1 From the dialog box I can see that IE8 isn't constructing its ticket request using the CNAME but is instead using the underlying hostname. I tried creating the reg key FEATURE_USE_CNAME_FOR_SPN_KB911149 but that had no effect. Interestingly, the above key is required for IE7 on XP SP3 but not for Vista SP1. Anyone else tried this ?http://www.iisadmin.co.uk

I suggest that you send feedback to Microsoft formally using the "Send feedback" links. This way, Microsoft can track and (hopefully) fix this.

Did you notice if IE 8 is treating the site as being in the "Internet Zone" or "Intranet Zone", you could test adding the site to the trusted, or Intranet Zone, to see if that does anything.Shon

Hi Shon,Thanks for replying. I have configured IE8 on Windows 7 in exactly the same way as IE7 on Vista SP1, namely that I have added the URL to the Trusted sites Security zone on both.With IE7 on Vista SP1 it just works. With IE8 on Windows 7 (Build 7000) I am prompted for my credentials and then authentication fails with 'HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials' - when this happens IE8 shows the site as being in the Trusted Sites zone with Protected Mode Off.I have installed the IE8 Beta 2 build on Windows XP SP2 and it works correctly in the same way as IE7 on Vista SP1 does, namely that the browser honours the DNS CNAME when requesting the ticket from the KDC. With IE8 on Windows 7 I can see from the dialog box prompt that the browser is ignoring the CNAME and is instead requesting a ticket using the underlying A Record.I will report this using the built-in Feedback function in Windows 7.Regards,http://www.iisadmin.co.uk