

JoeTheFifth
Jan 28, 2018

BigIP Kerberos constrained delegation and Web farm servers

So I have been testing APM and Kerberos constrained delegation. It is working in my current setup.

Current setup is:

BIG-IP LTM/APM version 12.1.3
Windows 7 client machine
An Active Directory domain
A web application with 2 servers
Web site is running under an AD service account

I didn't create the delegation to the web servers. Instead I created the delegation to the web app service account: bigip service account => web app pool account.

Now if I don't put my web site hostname webapp.domain.com = web server IP, the setup does not work. If I add webapp.domain.com to the BIG-IP hosts file, the setup works. I have 2 servers, so I need to add entries for both servers. Question: is there any better way of doing it without having to put entries in the hosts file? I know DNS can be used, but the DNS entry webapp.domain.com points to the virtual server in this case so that users can reach the site, and I can use only one DNS. Why doesn't the BIG-IP just pick a node in the pool and use it for the delegation? The error in the APM log:

Jan 19 11:45:06 F5 err websso.1[17633]: 014d0019:3: /Common/CustomPolicy:Common:e8a77ee0: Kerberos: Failed to resolve IP address: ::ffff:10.0.10.3

If I put the entry webapp.mydomain.com = 10.0.10.3, the delegation succeeds.
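As an added example (not part of the original post or of F5's product code): a small check that reads APM websso log lines of the kind quoted above, normalises the IPv4-mapped address APM logs (::ffff:a.b.c.d) back to plain IPv4, and reports which pool member IPs still lack a hosts-file entry naming the web site hostname. The log lines and hosts-file content are constructed samples; the hostname webapp.domain.com and the second pool member 10.0.10.4 are assumptions.

```python
import ipaddress
import re

# Constructed sample: APM websso log lines of the form quoted in the post,
# plus one unrelated line to show that only resolve failures are picked up.
SAMPLE_LOG = """\
Jan 19 11:45:06 F5 err websso.1[17633]: 014d0019:3: /Common/CustomPolicy:Common:e8a77ee0: Kerberos: Failed to resolve IP address: ::ffff:10.0.10.3
Jan 19 11:45:09 F5 err websso.1[17633]: 014d0019:3: /Common/CustomPolicy:Common:e8a77ee1: Kerberos: Failed to resolve IP address: ::ffff:10.0.10.4
Jan 19 11:45:10 F5 info websso.1[17633]: constructed unrelated message
"""

# Constructed /etc/hosts content: only one of the two pool members is mapped.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.10.3   webapp.domain.com   # constructed entry for pool member 1
"""

RESOLVE_FAIL = re.compile(r"Kerberos: Failed to resolve IP address: (\S+)")

def unresolved_ips(log_text):
    """Pool member IPs APM could not reverse-resolve, de-duplicated, in log order.
    APM logs the address as an IPv4-mapped IPv6 literal; convert it back to
    plain IPv4 so it compares cleanly with hosts-file entries."""
    seen = []
    for m in RESOLVE_FAIL.finditer(log_text):
        addr = ipaddress.ip_address(m.group(1))
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if str(addr) not in seen:
            seen.append(str(addr))
    return seen

def hosts_map(hosts_text):
    """Parse hosts-file text into {ip: [names]}, ignoring comments and blank lines."""
    table = {}
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        table[ip] = names
    return table

def missing_mappings(log_text, hosts_text, service_host):
    """IPs from resolve failures that have no hosts entry naming service_host."""
    table = hosts_map(hosts_text)
    return [ip for ip in unresolved_ips(log_text) if service_host not in table.get(ip, [])]

if __name__ == "__main__":
    for ip in missing_mappings(SAMPLE_LOG, SAMPLE_HOSTS, "webapp.domain.com"):
        print(f"{ip}: no hosts entry for webapp.domain.com; KCD fails for this pool member")
```

On a real system the same two functions can be fed the output of the APM log and the contents of /etc/hosts to see which pool members still need a name mapping before delegation can succeed.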