Kerberos Authentication and SPNs

Copper Contributor



I'm new to SharePoint and in the process of setting up SharePoint Server Subscription Edition on-prem.


The issue I am having is related to Kerberos authentication for multiple SharePoint sites hosted on the same server, and configuring SPNs.


I set up a Central Administration site when first installing SharePoint, with Kerberos as the authentication protocol. In order to make this work, I had to configure an SPN linked to the Farm Administrator account in the format "http/serverFQDN"


However, now I want to create a SharePoint site for my users which also uses Kerberos authentication.


If I have two different sites hosted on the same SharePoint server (the Central Administration site and the site for users to access), how can I configure different service accounts for each site, with both of them using Kerberos authentication? When I try to set SPN for one account "http/serverFQDN" , it works, but if I try to set the SPN for the second account - also "http/serverFQDN", it says "a duplicate SPN has been found  - aborting operation".


So I can't set both service accounts to use the hostname of the server for its SPN, because this will not be a unique SPN. Does anyone know how I can make this work?


Thanks in advance

0 Replies