|Setspn -l machineaccount|
|FQDN Machine name: illuminatiserver.domain.com|
|Note: Be careful when choosing a hostname. The hostname shouldn’t contain “www.” If the hostname has www in it, Kerberos will fail, because a client accessing a site with www in its hostname will try to go over the Internet zone rather than the intranet zone.|
|Setspn -a HTTP/HOSTNAME machineaccount|
|Setspn -a HTTP/HOSTNAME domainaccount|
|Note: These commands can be run on any machine within the domain, but in order to create or delete SPNs you need domain admin privileges.|
|Note: If both useAppPoolCredentials and kernel mode are set to true, useAppPoolCredentials takes precedence and the application pool account is used to decrypt the ticket. The useKernelMode setting was introduced in IIS 7 and is present in higher versions. In IIS 6 and lower versions, the application pool identity was always used to decrypt the token/ticket.|
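The notes above decide which account must hold the HTTP SPN. The following is an added example, not code from the original page: `Get-SpnOwner` and the account names are hypothetical, and the behaviour with kernel mode on and useAppPoolCredentials off is an assumption the page does not state.

```powershell
# Added example. Get-SpnOwner and the sample account names are hypothetical.
function Get-SpnOwner {
    param(
        [Parameter(Mandatory)] [string] $HostName,        # name clients use to reach the site
        [Parameter(Mandatory)] [string] $AppPoolIdentity, # built-in name or DOMAIN\account
        [Parameter(Mandatory)] [string] $MachineAccount,  # computer account of the IIS server
        [bool] $UseKernelMode = $true,
        [bool] $UseAppPoolCredentials = $false
    )

    # The page's first note: a hostname with "www." breaks Kerberos for intranet clients.
    if ($HostName -match '(^|\.)www\.') {
        throw "Hostname '$HostName' contains 'www.'; pick a different name."
    }

    # Built-in identities authenticate on the network as the machine account.
    $builtIn = 'ApplicationPoolIdentity', 'NetworkService', 'LocalSystem'
    if ($builtIn -contains $AppPoolIdentity) { return $MachineAccount }

    # The page's last note: useAppPoolCredentials wins over kernel mode.
    if ($UseAppPoolCredentials) { return $AppPoolIdentity }

    # Assumption (not stated on the page): with kernel mode on and
    # useAppPoolCredentials off, the machine account decrypts the ticket.
    if ($UseKernelMode) { return $MachineAccount }

    return $AppPoolIdentity
}

# Constructed sample values; only the FQDN comes from the page.
$siteHost = 'illuminatiserver.domain.com'
$owner = Get-SpnOwner -HostName $siteHost `
    -AppPoolIdentity 'DOMAIN\svc-web' `
    -MachineAccount 'DOMAIN\ILLUMINATISERVER$' `
    -UseKernelMode $true -UseAppPoolCredentials $true

# Show any account that already holds the SPN before adding it;
# the same SPN on two accounts makes Kerberos authentication fail.
setspn -Q "HTTP/$siteHost"

# Print (do not run) the registration command for a domain admin to review.
"setspn -a HTTP/$siteHost $owner"
```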