Mindbreeze Web Client not working on Windows 10 with Kerberos

Last update: 14 December 2017

Information

With Kerberos Single-Signon activated, Windows 10 clients cannot connect to a Mindbreeze Client Webservices. Authentication is denied.

This behaviour is caused by the new Windows 10 functionality "Credential Guard" that restricts delegation of Kerberos tickets, that is neccessary to authenticate and communicate between services.

Solution

The issue can be solved in two different ways:

Configure Trusted peer certificate in the Mindbreeze Client Webservice

Using Trusted peer certificates, the Mindbreeze Client Webservice authenticates to the Mindbreeze Index services using the certificate.

If you need support activating trusted peer certificates, please contact Fabasoft Support.

Disable "Credential Guard"

Please follow the explanation from this Microsoft article: https://docs.microsoft.com/en-us/windows/access-protection/credential-gu...

Details

Read more information about Credential Guard in the Microsoft TechNet: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential...