Part 3 will identify the steps to create a service principal name (SPN). To perform these procedures, you must have a membership in Domain Admins.

1. To begin, Go to Start, select Command Prompt, and select Run as administrator.

2. List all SPNs in place for the service account.

Type setSPN -L domainserviceaccount (Ex: setSPN -L hteam5administrator)

Press Enter.

3. Create an SPN for the service account.

Type setspn -S HTTP/mywebappurl domainserviceaccount

(Example: setspn -S HTTP/chaupso15sql hteam5administrator)

Press Enter.

4. Add an SPN for the FQDN.

Type setspn -S HTTP/mywebappurl.domain.com domainserviceaccount

(Example: setspn -S HTTP/chaupso15sql.huyteam.com hteam5administrator)

Press Enter.

5. List the additional SPN.

Type: setspn -L domainserviceaccount (Ex: setspn -L hteam5administrator)

Press Enter.

This completes Part 3. If you want to continue reading How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)’ in SharePoint 2013, check out the rest of our series:

• Part 1: How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)‘
• Part 2: How to Establish Name Resolution
• Part 3: How to Create Service Principal Names
• Part 4: Delegation
• Part 5: How to Authenticate the Provider
• Part 6: How to Verify Functionality

For further reading:

• Using Kerberos for SharePoint Authentication
• The first Kerberos guide for SharePoint 2013 technicians