I am stumped by this behavior and have been troubleshooting the issue for 3 months (low-impact app), and am finally seeking refuge here.
I have the following setup:
IIS Server is 7.5
Intranet App
Windows Authentication
SQL Server 2012 (back end)
IIS app pool using service account
IIS default app pool = apppoolidentity
IE = IE 7 or IE 8 with Integrated authentication set
SPN set properly = no duplicate SPN (followed Brian Murphy blog strictly :) )
===============================================
Behavior: Users open the webpage - it loads successfully.
But a few scripts which query the back-end database won't load.
I did a good amount of troubleshooting and found that ASP impersonation is blocking the traffic,
and when I disable the ASP impersonation - I am able to download the content.
But there is a problem: it is using the service account (IIS account) rather than the logged-on user to query / write data into SQL.
E.g.: With impersonation disabled - if Frank opens the webpage, the script loads, and when modifications are submitted to SQL, it's using the SQL service account to write changes rather than Frank.
How to ensure Frank writes the data, and any suggestions over the ASP impersonation?