Load Balancing With Kerberos

I’m using haproxy to load balance more than one .net applications. IIS servers cofigured for running https and haproxy too. There are only one self signed certificate, and it’s subject contains all of iis servers ips, domains, and haproxy servers too. I’m using ntlm to authenticate user and I want to switch it to kerberos.

I made an spn record for iis and ha proxy servers. And start all iis for same user.

When I want to go to IIS server directly, i can see the kerberos ticket on the traffic. But when i want to go with haproxy, i cannot see kerberos ticket. Is there any configuration for haproxy to pass kerberos?

Do you have any kind of error?
can you run haproxy in debug mode and and share the output here (anonymise it as required)