Forum Discussion

AlwaysLearning21's avatar
AlwaysLearning21
Copper Contributor
Jul 11, 2023

Kerberos Authentication and SPNs

Hi,

 

I'm new to SharePoint and in the process of setting up SharePoint Server Subscription Edition on-prem.

 

The issue I am having is related to Kerberos authentication for multiple SharePoint sites hosted on the same server, and configuring SPNs.

 

I set up a Central Administration site when first installing SharePoint, with Kerberos as the authentication protocol. In order to make this work, I had to configure an SPN linked to the Farm Administrator account in the format "http/serverFQDN"

 

However, now I want to create a SharePoint site for my users which also uses Kerberos authentication.

 

If I have two different sites hosted on the same SharePoint server (the Central Administration site and the site for users to access), how can I configure different service accounts for each site, with both of them using Kerberos authentication? When I try to set SPN for one account "http/serverFQDN" , it works, but if I try to set the SPN for the second account - also "http/serverFQDN", it says "a duplicate SPN has been found  - aborting operation".

 

So I can't set both service accounts to use the hostname of the server for its SPN, because this will not be a unique SPN. Does anyone know how I can make this work?

 

Thanks in advance

No RepliesBe the first to reply

Resources