Part 3 will identify the steps to create a service principal name (SPN). To perform these procedures, you must have membership in Domain Admins.
1. To begin, Go to Start, select Command Prompt, and select Run as administrator.
2. List all SPNs in place for the service account.
Type setSPN -L domainserviceaccount (Ex: setSPN -L hteam5administrator)
3. Create an SPN for the service account.
Type setspn -S HTTP/mywebappurl domainserviceaccount
(Example: setspn -S HTTP/chaupso15sql hteam5administrator)
4. Add an SPN for the FQDN.
Type setspn -S HTTP/mywebappurl.domain.com domainserviceaccount
(Example: setspn -S HTTP/chaupso15sql.huyteam.com hteam5administrator)
5. List the additional SPN.
Type: setspn -L domainserviceaccount (Ex: setspn -L hteam5administrator)
This completes Part 3. If you want to continue reading How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)’ in SharePoint 2013, check out the rest of our series:
- Part 1: How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)’
- Part 2: How to Establish Name Resolution
- Part 3: How to Create Service Principal Names
- Part 4: Delegation
- Part 5: How to Authenticate the Provider
- Part 6: How to Verify Functionality
For further reading: