Re: format of service principal name (SPN)



The application registers the spn by calling DsGetSpn followed by
DsWriteAccountSpn. We have also tried setting it with ADSI edit.

Shakti
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:e$Z5z7saGHA.4416@xxxxxxxxxxxxxxxxxxxxxxx
How exactly are you trying to set them?

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Johnny wrote:
Thanks for the response. Yes this is in reference to Kerberos entities.
The SPN allows us to use the syntax I mentioned but for some reason it
does not work with spaces in the servicename part (which according to
documentation can be the distinguished name or ldap name of the service).
Delegation of impersonated credentials to a remote server fails because
the remote server receives the "anonymous logon" credential.

Thanks for any help

Shakti
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:%23anIGyNaGHA.3740@xxxxxxxxxxxxxxxxxxxxxxx
SPNs are Kerberos entities and they make use of the Kerberos
canonical name. The distinguished names you mention sound like
LDAP names.

"Johnny" <prem14@xxxxxxx> wrote in message
news:%23uSzc4GaGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

We need to set up the service principal name for a service in this
format

<class>/<host:port>/<service name>

We provide the distinguished name of the service in question. However
we found that this cannot have spaces in it. Surely distinguished
names of objects can have spaces in them. Can you suggest a solution to
this? If we use object guid what format do we enter that?

Thanks
Shakti



