You need to configure the service accounts for the Directory Support Service (DSS) and the Application Server to operate with unconstrained delegation in distributed setup.
To configure the service accounts with unconstrained delegation
Identify the user accounts to be used as the service accounts for DSS and Application Server.
Create the Service Principal Name (SPN) for the Application Server and the DSS services.
The SPN for both the short NetBIOS name and the fully-qualified host name (FQDN) is created. While delegation can work without SPN in Windows Server 2000 domains, it can also fail depending on the operating system that is in use.
You must associate an SPN to a single user account.
The service-name portion of the SPN must match the following:
Enable delegation for the Application Server's service account.
The following service accounts are to be enabled:
When installing the Application Server, specify the FQDN when prompted by the setup for the computer that installed the DSS. This is not mandatory, but sometimes specifying a short NetBIOS name can cause problems.
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@systemmanager.forsenergy.ru to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.