SharePoint Content Deployment with Kerberos-enabled Farm
We're wrapping up a project where we're building a publicly accessible dot com site in SharePoint.
When designing the topology for the site, we followed Microsoft's guidance for Publishing sites where no authoring happens directly on the live site. Instead, we have a dedicated Authoring environment which is part of the intranet SharePoint farm. Content Deployment jobs are then configured to deploy content (what else) to the live site, which lives in its own SharePoint farm out in the DMZ.
We recently enabled Kerberos in the farm and switched all web applications to use Negotiate authentication instead of NTLM. So everything including Central Administration, the Shared Services Provider, and all content web applications now authenticated users using Kerberos.
One morning, I noticed that I hadn't yet received the nightly "Content Deployment Job Succeeded" email. I went into Central Administration to check on the Content Deployment job and noticed that it was stuck in "Preparing".
A quick Google yielded a bunch of results about content deployment jobs being stuck in Preparing mode. However, they all pointed to an issue which was fixed in the Infrastructure Updates. We were fully and currently patched, so I figured something else was causing this.
In my research, I found a blog posting by Stefan Goßner called Pimp My Content Deployment Job. In the posting Stefan points to a hidden list which shows all the Content Deployment paths configured in the farm. I guess it's not really hidden, since you can find it via Site Settings --> Lists and Libraries.
Upon examining the specific Content Deployment path, I noticed that it's AuthenticationType property was set to NTLM
I edited the ListItem (highly unsupported), and saw that AuthenticationType was just a text property. Take a look at the documentation on MSDN, it's just a String property ... I had hoped it would be an enum or something more intuitive.
I tried changing the value of AuthenticationType to Kerberos, or Negotiate, resetting IIS, and firing off my Content Deployment job again without success. It would always get stuck in Preparing.
Unfortunately, the only thing that resolved it was to change the Authentication Provider for my web application back to using NTLM.