Does Sharepoint 2010 support classic-mode for application pool ?

The Answer is No.
If you set your sharepoint web application’s application pool mode as classic mode you get the fallowing error :
“This operation requires IIS integrated pipeline mode.”

For more information about Sharepoint 2010 Architecture please read fallowing article :

For more information about Integrated-Pipeline:

Multiple application pool identity senario when using NLB with kerberos auth for Sharepoint

First of all i assume that your farm is running behind a NLB cluster and configured using kerberos authentication successfully.

Here is the scenario:

Sharepoint 2010 WFE1 :
->IP:  FQDN :  , Windows 2008 server SP2 x64 , IIS 7.0

Sharepoint 2010 WFE2:
->IP:  FQDN : , Windows 2008 server SP2 x64 , IIS 7.0

NLB Cluster IP :   FQDN:

We have 2 sharepoint application running on port 80:
App1: already configured using Kerberos Auth  :
Host Header :  AppPool account : Contoso\bugra

App2 : is using NTLM (just now)
Host Header :  AppPool account Contoso\postman

In order for Kerberos authentication to work we configured:
When you run IIS in a clustered environment or in a load-balanced environment, you access applications by using the cluster name instead of by using a node name. This scenario includes network load balancing. In cluster technology, a node refers to one computer that is a member of the cluster. To use Kerberos as the authentication protocol in this scenario, the application pool identity on each IIS node must be configured to use the same domain user account. To configure each IIS node to use the same domain user account, use the following command:
Setspn –A HTTP/CLUSTER_NAME domain\username

(Note: I could able to manage kerberos authentication without defining any SPN to NLB cluster on Windows Server 2008 R2. )

Defined SPN’s:

According to  KB  : SPN for the NLB cluster name: ***
SetSPN -A HTTP/     Contoso\bugra
SetSPN -A HTTP/nlb1     Contoso\bugra

SPN for the cluster node:
SetSPN -A HTTP/    Contoso\bugra
SetSPN -A HTTP/istanbul    Contoso\bugra

What happens if I want to configure an additional web application “” , running under a different application pool “Contoso\postman”  also running Kerberos authentication ?

What about the NLB SPNs – they have a different account. This should be a problem of a duplicate SPN for NLB .Sure it is not able to do it like this way.

1) Create another DNS A record on NLB Cluster ip:
ex:  host  A

2) Create SPN for this FQDN:
SetSPN -A HTTP/     Contoso\postman
SetSPN -A HTTP/newnlbrecord Contoso\postman

And dont forget to create for your app:
SetSPN -A HTTP/    Contoso\postman
SetSPN -A HTTP/ankara Contoso\postman

end of article.