I have an application that is using LDAP only with Single Sign On. My web.config authentication is set: <authentication mode="Windows"/> <identity impersonate="true"/> Users login, retrieve a document and are logged off. In a 2 hrs period 1250 users will login and out of the application and 10 users will fail. The same user will have access documents minutes before the failure and minutes after the failure. Error message: Warning: GetUserDN('testuser') from 'LDAP://DC=domain,DC=com': System.Runtime.InteropServices.COMException (0x80072020): An operations error occurred. On the web server I will see the user authenticated with NTLM instead of Kerberos Failed: Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: TESTMACHINE Logon GUID: - Vs: Good: Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {ad208202-d700-fcfc-5782-713441f31ef8} If I run and test webpage from the user workstation to retrieve the users credential It returns: You have connected from your browser to IIS using Kerberos authentication Also the .ini file for the application open a login file which has modify rights for all users but when the login fails using a filemon trace I see an access denied error for the log. The kerberos credentials are being lost and it take about 20minutes before they are reset by policy before they will get in. Any suggestions on what to try or set to resolve this?