Set Service Principal Names

SETSPN is a command to use from an elevated Command Prompt or Powershell window:

      The SETSPN command will accept any string in the data part of the command, so triple check what you have typed

      Kerberos does not tolerate duplicate SPNs, even though they can mistakenly exist:

      From a Domain Controller check for duplicates using “SETSPN -X”

      If there are duplicate SPNs, delete all of them before creating a single correct SPN in their place

      SPNs are permanent until deleted

      New SPNs can take quite some time, to propagate throughout your network

      If local firewalls are used, ports will need to be opened for the services they provide

Examples:

      Web Server web sites

      Setspn -s https/conquestapi.conquest-solutions.com.au ServerName$

      Setspn -s https/conquestprod.conquest-solutions.com.au ServerName$

      SQL Server Reporting Services

      Setspn -s http/report2.conquest-solutions.com.au ServerName$

      File System

      Setspn -s cifs/krejza.conquestsolutions.local ServerName$