Part 3 will identify the steps to create a service principal name (SPN). To perform these procedures, you must have a membership in Domain Admins.
1. To begin, Go to Start, select Command Prompt, and select Run as administrator.
2. List all SPNs in place for the service account.
Type setSPN -L domainserviceaccount (Ex: setSPN -L hteam5administrator)
3. Create an SPN for the service account.
Type setspn -S HTTP/mywebappurl domainserviceaccount
(Example: setspn -S HTTP/chaupso15sql hteam5administrator)
4. Add an SPN for the FQDN.
Type setspn -S HTTP/mywebappurl.domain.com domainserviceaccount
(Example: setspn -S HTTP/chaupso15sql.huyteam.com hteam5administrator)
5. List the additional SPN.
Type: setspn -L domainserviceaccount (Ex: setspn -L hteam5administrator)
This completes Part 3. If you want to continue reading How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)’ in SharePoint 2013, check out the rest of our series:
- Part 1: How to Create a Classic Mode Authentication via ‘Negotiate (Kerberos)‘
- Part 2: How to Establish Name Resolution
- Part 3: How to Create Service Principal Names
- Part 4: Delegation
- Part 5: How to Authenticate the Provider
- Part 6: How to Verify Functionality
For further reading: