Just a quick one that hopefully the more experienced guys can answer as I see conflicting suggestions depending on which Technet article you view!
This article says Kerberos should only be enabled if required "due to the extra effort in setting it up" -http://technet.microsoft.com/en-us/library/ff808313(v=exchg.141).aspx
However, blogs such as this state Kerberos should be set up as NTLM can cause bottlenecks - http://blogs.technet.com/b/exchange/archive/2011/04/15/recommendation-enabling-kerberos-authentication-for-mapi-clients.aspx
I was originally planning on enabling the Kerberos ASA as at least it is then using Kerberos from the start (easier to get up and running on a new environment than later on in production if required!) but do people actually use it, or do most people just stick to the default NTLM mechanism?
We are deploying Citrix later on and I have come across problems with Citrix and NTLM double-hop not working in the past which required Kerberos to fix it, so I feel Kerberos should always be enabled despite the extra effort required at the start as it saves having to mess about with a prod environment if it is needed later on - even if you don't need it now. What are people's thoughts?
Kerberos is seen as this big beast of a thing, but I have found it works OK so long as it is set up correctly from the start and not hashed together later on! I am just concerned due to conflicting articles on the web around 2010 and Kerberos and wonder if it is worth the effort setting it up...