Hello!
We have a problem passing Integrated Windows Authentication from IE to the web site page through ARR.
We have:
1. Web Site, which is configured on my development PC (Windows 7 x64, IIS 7.5). PC name is MyServer, DNS name is MyServer.company.lan:
1.1. Web Site authentication settings:
- Windows Authentication = enabled (Extended Protection = Off; Enable Kernel-mode authentication = checked; Enabled Providers = Negotiate, NTLM)
- Basic Authentication = enabled
- ASP.NET impersonation = enabled (Identity to impersonate = Authenticated user)
- Anonymous Authentication = disabled
1.2. Web Site AppPool:
- Managed Pipeline Mode = Integrated
- .NET Framework = 4.0.30319
- Identity = MyDomain\MyPoolUserAccount (has all access rights, including impersonation)
1.3. Test page /1.aspx:
<%@ Page Language="C#"%>
UserName=<%=System.Security.Principal.WindowsIdentity.GetCurrent().Name%>
2. ARR (Windows Server 2008 R2, IIS 7.5). Server name = ARR0, DNS = MyARRServer.company.lan:
2.1. Default Web Site AppPool:
- Managed Pipeline Mode = Integrated
- .NET Framework = 4.0.30319
- Identity = Network Service
2.2. Default Web Site URL rewrite rules:
<rewrite>
  <rules>
    <rule name="MyServer" stopProcessing="true">
      <match url="test1" />
      <action type="Rewrite" url="http://MyServer/1.aspx" />
    </rule>
  </rules>
</rewrite>
3. Domain controller runs in 2003 compatibility mode.
4. SPN settings on MyServer:
setspn -F -Q */MyServer
Checking forest DC=company,DC=root
CN=MyServer,OU=CompanyOffice,OU=Computers,DC=company,DC=lan
HTTP/MyServer.company.lan
MSSQLSvc/MyServer.company.lan:SQLEXPRESS
TERMSRV/MyServer
TERMSRV/MyServer.company.lan
RestrictedKrbHost/MyServer
HOST/MyServer
RestrictedKrbHost/MyServer.company.lan
HOST/MyServer.company.lan
setspn -L MyDomain\MyPoolUserAccount
Registered ServicePrincipalNames for CN=MyPoolUserAccount,OU=Services,OU=Soft,OU=Special,DC=company,DC=lan:
HTTP/MyServer.company.lan
HTTP/MyARRServer
HTTP/MyARRServer.company.lan
Simple test. Run IE on MyServer, go to http://MyServer/1.aspx and get: UserName=MyDomain\MyAccount. Everything is OK.
ARR test. Run IE on MyServer, go to http://MyARRServer/test1 and get the IE security dialog "Connecting to ARR0...", showing MyDomain\MyAccount and asking me to enter the password. NOT OK.
I enter the password, but the dialog appears again.
If I disable Integrated Windows Authentication in IE and use Basic authentication, then http://MyARRServer/test1 gives me the correct result: UserName=MyDomain\MyAccount.
What is wrong with my configuration and settings for using ARR with Integrated Windows Authentication on the web site?
I used http://blogs.msdn.com/b/asiatech/archive/2011/10/26/iis-7-kerberos-authentication-failure-krb-ap-err-modified.aspx to make these settings, but without success.
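The first thing a practitioner checks on a Kerberos setup like the one listed above is the SPN inventory: which account holds the HTTP SPN for each host name the browser connects to, and whether any SPN is registered under more than one account (the KDC encrypts a service ticket with the key of the account that owns the SPN, so a duplicate or a mismatch with the account IIS decrypts with produces exactly the repeated credential prompt described). The script below is an added example, not code from the post or from Microsoft; it parses the text printed by `setspn -Q` and `setspn -L`, using the two listings from the post as constructed sample input, and reports duplicate SPNs and the owner of a given SPN. The function names `parse_setspn`, `find_duplicate_spns` and `spn_owners` are this example's own.

```python
"""Parse `setspn -Q` / `setspn -L` output and report SPN ownership problems.

Kerberos uses one key per SPN: the KDC encrypts the service ticket with the
key of the account that holds the SPN.  An SPN registered on two accounts, or
on an account other than the one the service decrypts with, makes the ticket
unreadable for the service (KRB_AP_ERR_MODIFIED) and the client falls back to
a credential prompt.
"""
from collections import defaultdict

# Constructed sample input: the two listings from the post above, as printed by
# `setspn -F -Q */MyServer` and `setspn -L MyDomain\MyPoolUserAccount`.
SETSPN_Q_OUTPUT = """\
Checking forest DC=company,DC=root
CN=MyServer,OU=CompanyOffice,OU=Computers,DC=company,DC=lan
        HTTP/MyServer.company.lan
        MSSQLSvc/MyServer.company.lan:SQLEXPRESS
        TERMSRV/MyServer
        TERMSRV/MyServer.company.lan
        RestrictedKrbHost/MyServer
        HOST/MyServer
        RestrictedKrbHost/MyServer.company.lan
        HOST/MyServer.company.lan
"""

SETSPN_L_OUTPUT = """\
Registered ServicePrincipalNames for CN=MyPoolUserAccount,OU=Services,OU=Soft,OU=Special,DC=company,DC=lan:
        HTTP/MyServer.company.lan
        HTTP/MyARRServer
        HTTP/MyARRServer.company.lan
"""

_L_PREFIX = "Registered ServicePrincipalNames for "


def parse_setspn(output):
    """Map each account DN to the list of SPNs printed under it.

    Handles both `setspn -Q` (a bare DN line followed by indented SPNs) and
    `setspn -L` ("Registered ServicePrincipalNames for <DN>:").  Any other
    line, such as "Checking forest ...", is ignored.
    """
    accounts = {}
    current = None
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(_L_PREFIX):
            current = line[len(_L_PREFIX):].rstrip(":")
            accounts.setdefault(current, [])
        elif line.startswith("CN="):
            current = line
            accounts.setdefault(current, [])
        elif current is not None and "/" in line:
            accounts[current].append(line)
    return accounts


def find_duplicate_spns(*outputs):
    """Return {spn_lowercase: [account DNs]} for every SPN held by more than
    one account.  Comparison is case-insensitive, as AD matches SPNs."""
    owners = defaultdict(set)
    for out in outputs:
        for account, spns in parse_setspn(out).items():
            for spn in spns:
                owners[spn.lower()].add(account)
    return {spn: sorted(accts) for spn, accts in owners.items() if len(accts) > 1}


def spn_owners(spn, *outputs):
    """Return the sorted list of account DNs that hold `spn` (case-insensitive)."""
    wanted = spn.lower()
    found = set()
    for out in outputs:
        for account, spns in parse_setspn(out).items():
            if any(s.lower() == wanted for s in spns):
                found.add(account)
    return sorted(found)


if __name__ == "__main__":
    dupes = find_duplicate_spns(SETSPN_Q_OUTPUT, SETSPN_L_OUTPUT)
    for spn, accts in dupes.items():
        print("DUPLICATE", spn)
        for a in accts:
            print("   ", a)
    for spn in ("HTTP/MyServer.company.lan", "HTTP/MyARRServer", "HTTP/MyARRServer.company.lan"):
        print(spn, "->", spn_owners(spn, SETSPN_Q_OUTPUT, SETSPN_L_OUTPUT) or "(no explicit owner)")
```

Run against live output (`setspn -F -Q */<host>` and `setspn -L <account>` pasted in place of the sample strings), the report should be compared with the account each IIS instance actually decrypts tickets with: with kernel-mode authentication enabled that is the machine account unless `useAppPoolCredentials="true"` is set on `windowsAuthentication` in the site's configuration, and an app pool running as Network Service also presents the machine account. `setspn -X` performs the same duplicate search directly against the forest.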