
What is a Service Principal Name (SPN)?

A service principal name, also known as an SPN, is a name that uniquely identifies an instance of a service. For proper Kerberos authentication to take place, SPNs must be set correctly. SPNs are Active Directory attributes, but they are not exposed in the standard AD snap-ins.

What happens when SPNs are not set correctly?

When SPNs are not set correctly, authentication will be dropped at the CRM server and the request to SRS will come from NT Authority\Anonymous Logon. This will result in a 401 authentication error. The format of an SPN is / : / . Port number and service name are optional elements of the SPN.

How do I set SPNs in Active Directory?

ADSI Edit and the SetSPN command-line tool are the most common ways of setting SPNs. NOTE: When moving or adding SPNs, it is important that a duplicate is not created. SPNs must be unique. ADSI Edit is an LDAP editor that allows you to manage objects and attributes in Active Directory.

What is the SPN port number and service name?

Port number and service name are optional elements of the SPN. It is most common to see a port or service name used with SQL SPNs. You typically define either the SQL port used, the service name of the database instance or the SQL named instance name.
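The uniqueness rule and the optional port and service name elements can be checked offline before any change is made. The following is an added example, not part of the original page: it parses SPNs in the standard serviceclass/host:port/servicename layout and reports any SPN registered under more than one account. The function names, account names and host names are hypothetical, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Standard SPN layout: serviceclass/host[:port][/servicename].
# For SQL named instances the "port" position carries the instance
# name, so it is not restricted to digits here.
SPN_RE = re.compile(
    r"^(?P<service_class>[^/:]+)/(?P<host>[^/:]+)"
    r"(?::(?P<port>[^/]+))?(?:/(?P<service_name>.+))?$"
)


def parse_spn(spn):
    """Split an SPN into its parts; port and service_name may be None."""
    match = SPN_RE.match(spn.strip())
    if match is None:
        raise ValueError(f"not a valid SPN: {spn!r}")
    return match.groupdict()


def find_duplicates(accounts):
    """Return {lower-cased SPN: sorted accounts} for SPNs on 2+ accounts.

    SPN matching in Active Directory is case-insensitive, so the
    comparison key is the lower-cased string.
    """
    owners = defaultdict(set)
    for account, spns in accounts.items():
        for spn in spns:
            parse_spn(spn)  # reject malformed entries early
            owners[spn.strip().lower()].add(account)
    return {s: sorted(a) for s, a in owners.items() if len(a) > 1}


# Constructed sample: account -> SPNs, as collected from per-account listings.
SAMPLE = {
    "CORP\\SQL01$": ["HOST/SQL01", "HOST/sql01.corp.example"],
    "CORP\\svc-sql": [
        "MSSQLSvc/sql01.corp.example:1433",
        "MSSQLSvc/sql01.corp.example:REPORTS",
    ],
    # Leftover registration that differs only in letter case.
    "CORP\\svc-old": ["mssqlsvc/SQL01.corp.example:1433"],
}

if __name__ == "__main__":
    for spn, holders in find_duplicates(SAMPLE).items():
        print(f"DUPLICATE {spn}: {', '.join(holders)}")
```

A duplicate found this way should be resolved by removing the SPN from the account that no longer runs the service before the SPN is added anywhere else.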

What are SPNs in Kerberos authentication?

For proper Kerberos authentication to take place, SPNs must be set correctly. SPNs are Active Directory attributes, but they are not exposed in the standard AD snap-ins. Ensuring the correct SPNs are set becomes very important when applications such as CRM, SQL Reporting Services (SRS), and SQL are split across multiple servers.

How to check the set of SPNs for the machine account?

You can check the set of existing SPNs for the machine account by running the following command: > Setspn.exe -L or directly using a snap-in such as Adsiedit.msc. SCENARIO 2a SPNs will be required ONLY for the IIS machine account in the following format:

What is the default SPN for the HOST service class?

By default, SPNs with the HOST service class are set under all computer accounts. There will be an SPN present for both the NetBIOS name and the Fully Qualified Domain Name (FQDN). The format of the HOST SPNs will be HOST/ and HOST/ . .