Machine names and SPNs

A Service Principle Name (SPN) is the name by which a client uniquely identifies an instance of a service. By default your IIS machine has SPNs for its hostname, such as myServer, and its Fully Qualified Domain Name (FQDN), such as myServer.branch.example.com.

If the proxy machine is accessed by a name other than either of these, such as myServer.example.com, otherName.company.com, or its IP address, then Active Directory authentication will not work. Your choices are:

  • Access the machine using either its host name or FQDN.

  • Register an additional SPN for the proxy machine on the domain controller. Use the HOST/ service class for the additional names.

SPNs can be viewed and changed with the setspn.exe tool, which Microsoft provides as part of the operating system. More information is available at https://support.microsoft.com/en-us/kb/929650

Copyright © Thunderstone Software     Last updated: Apr 18 2024

 

Copyright © 2024 Thunderstone Software LLC. All rights reserved.