Here are the requirements for a Windows domain account (or a Windows account, for that matter) to be able to connect NormShield database.
1. Make sure that the the Windows domain account, let's assume CORPORATE\normshield, is in the local Administrators group.
2. Make sure CORPORATE\normshield has the db_owner privileges on the NormShield database on the target DB server. To be able to check this, login to the portal machine with the CORPORATE\normshield domain account and fireup a MSSQL Management Studio. Then try to connect the remote database by choosing the Windows Authentication and be able to execute a simple SELECT statement on any table of NormShield database.
3. Make sure that IIS application pool identity is changed to CORPORATE\normshield domain account following the actions in the following image. Since the impersonation didn't work as expected, this somewhat insecure method is chosen. The local role of CORPORATE\normshield might have been anything lower than local Administrators group, but until further research is done this is the way of using a window domain account for a database connection for NormShield.
Alert: Beware that when the domain user's credentials are changed, this action should also be taken to update the credentials of the application pool.
5. Change C:\inetpub\wwwroot\web.config connection string as follows;
6. Now it's a good time to login into the portal and check everything runs smoothly. Moreover, in order to update the portal from now on, you have to login to the portal machine with the CORPORATE\normshield windows domain account since no password is used for the DB connection anymore.