How do I add an SPN?

A. Using the Windows 2003 Support Tools utility Setspn, you can add SPNs by using the -a switch, passing the full information for the SPN and the account it's to be associated with. For example, to register a SQL Server service with the jsavill account (assuming I'm running SQL Server under the jsavill account, which probably wouldn't be the case), I would use

C:\>setspn -A MSSQLSvc/johnpc.savilltech.net:1433 savilltech\jsavill
Registering ServicePrincipalNames for CN=John
Savill,OU=Users,DC=savilltech,DC=net
MSSQLSvc/johnpc.savilltech.net:1433
Updated object

Notice the format of the SPN should follow the "service type"/"instance name":"port"/"service name" format, but because the service name and type were the same (MSSQLSvc), the service name was omitted from the command line. During SPN creation, the system checks that the account name passed is valid. Once registered, the SPN is viewable, as follows:

C:\>setspn -l savilltech\jsavill
Registered ServicePrincipalNames for CN=John
Savill,OU=Users,DC=savilltech,DC=net:
MSSQLSvc/johnpc.savilltech.net:1433

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish