Set Service Principal Names

SETSPN is a command to use from an elevated Command Prompt or Powershell window:

•      The SETSPN command will accept any string in the data part of the command, so triple check what you have typed

•      Kerberos does not tolerate duplicate SPNs, even though they can mistakenly exist:

•      From a Domain Controller check for duplicates using “SETSPN -X”

•      If there are duplicate SPNs, delete all of them before creating a single correct SPN in their place

•      SPNs are permanent until deleted

•      New SPNs can take quite some time, to propagate throughout your network

•      If local firewalls are used, ports will need to be opened for the services they provide

Examples:

•      Web Server web sites

•      Setspn -s https/conquestapi.conquest-solutions.com.au ServerName$

•      Setspn -s https/conquestprod.conquest-solutions.com.au ServerName$

•      SQL Server Reporting Services

•      Setspn -s http/report2.conquest-solutions.com.au ServerName$

•      File System

•      Setspn -s cifs/krejza.conquestsolutions.local ServerName$