Another Kerberos/IIS issue. Today one of my web applications stopped working, giving me the: No authority could be contacted for authentication, message. When I tried to access the web application from IIS MMC snap-in through browse, I received a different error:
SystemException: The trust relationship between this workstation and the primary domain failed. System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1167 System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed) +42 System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +46 System.Security.Principal.WindowsPrincipal.IsInRole(String role) +205 System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +120 System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +300 System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +191 System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +3403118 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64
Cause of the problem seems to be rather silly. A spare, disabled by default, network interface was accidentally turned-on, it got a dummy IP address not visible from my subnet. This dummy IP addresses got registered in DNS/WINS system and all domain computers where looking for PDC with dummy IP address instead of primary and good one. It seems that turning-off the spare network interface took care of the problem.