How to Configure a service principle name for the application pool identity

Rate: (5 Ratings)

If the application pool identity for the site is configured to use a built-in security principal (such as NT Authority\Network Service or NT Authority\Local System), you most likely do not have to perform this step. You can do this to "redo" the spn. The built-in accounts are automatically configured to work with Kerberos authentication. However, if you use a remote Microsoft SQL Server database it is not recommended that you use a built-in security principle or an account such as domain/computername$. If the application pool identity is a domain user account, you must configure an service principle name (SPN) for that account. To configure an SPN for the domain user account, follow these steps:

Flag Article

Instructions

Difficulty: Moderate

Things You’ll Need:

Setspn.exe

Step1

Download Setspn.exe http://www.microsoft.com/downloads/details.aspx?familyid=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46&displaylang=en

Step2

Use the Setspn.exe tool to add an SPN for the domain account. To do this, type the following line at the command prompt: setspn -A HTTP/ServerName Domain\UserName where ServerName is the fully qualified domain name (FQDN) of the server, Domain is the name of the domain, and UserName is the name of the domain user account.