This content has been marked as final. Show 1 reply
I've never done this with Oracle, but I have done something similar with WCF services. So this may not be the problem, but it's worth checking into.
When you authenticate using Kerberos (or Windows authentication in IIS 7 terminology), you can't by default become that authenticated user an authenticate again against another server. The IIS server isn't registered as a an Active Directory Kerberos delegate, so it can't do impersonation across multiple servers. In this case if you logged into the IIS server using remote desktop and tried to do it locally, it'd probably work (only one "hop" between servers in that case, so no impersonation required).
It's possible to change the Kerberos settings to allow this type of thing, but it requires your network admins to make changes that in my experience they don't like doing. Here's some information on it, though like I said I'm not sure it applies to Oracle as I've never tried it: http://technet.microsoft.com/en-us/library/72612d01-622c-46b7-ab4a-69955d0687c8