To create ServicePrincipalName (SPN) entries for the Federated Authentication domain service account, follow the steps.
To create SPN entries for the domain service account
-
On a Domain Controller in the domain where Active Roles is installed, log in with Domain Admin credentials to set the following SPNs for the Federated Authentication domain service account, and the delegation settings.
-
Open the Command Prompt with Administrator privileges and enter each of the following commands one by one:
setspn -U -S HTTP/ARWebServerName.YourDomain.com YourDomain\ARFederatedAccountName
setspn -U -S HTTP/ARWebServerName YourDomain\ARFederatedAccountName
setspn -U -S ArAdminSvc/ARServerName.YourDomain.com YourDomain\ARFederatedAccountName
setspn -U -S ArAdminSvc/ARServerName YourDomain\ARFederatedAccountName
-
To confirm that all SPNs are set, run:
setspn -L YourDomain\ARFederatedAccountName
-
Close the Command Prompt.
-