Windows print spooler making indecipherable kerberos spn request

ajm-b · ‎Jun 23 2022

I've been looking at eliminating NTLM use in my domain, and noticed that Windows clients' print spooler service is falling back to using NTLM to reach the print server. Digging deeper, it's making a request that I can't decipher at all...

"The service principal name (SPN) krbtgt/NT Authority@<my domainfqdn> is not registered, which caused Kerberos authentication to fail: 0x7. Use the setspn command-line tool to register the SPN."

Kerberos auth works for everything else in the domain, I'm ONLY seeing this from the print spooler.

Squirrel215 · ‎Sep 16 2022

I'm having the same issue. Any luck?

wrecklessw1 · ‎Dec 08 2022

the print spooler runs as system, so it uses the HOST SPN. Make sure the server which has print services is a server and has the host spn for it's name registered

jessev · ‎Mar 03 2023

See the article below. Perhaps it will answer some of your questions.

A Print Nightmare Artifact - krbtgt/NT Authority
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/a-print-nightmare-artifact-kr...

Windows print spooler making indecipherable kerberos spn request

Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Windows print spooler making indecipherable kerberos spn request

Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request

Re: Windows print spooler making indecipherable kerberos spn request