Overview
If you have configured Windows authentication but use an alternative address to access SquaredUp which is not the server name, then you will need to configure SPNs for that address, as described in this article.
When to use this article
This article applies if:
- You want to enable Windows authentication (single sign-on)
- SquaredUp is not installed on SCOM management servers
- You have another address you use to access SquaredUp, for example a DNS alias or alternative binding, which is not the SquaredUp server name.
If you use a load balancer there are also other steps to consider, see How to configure Windows authentication when SquaredUp is installed on load balanced servers
Procedure
If you have another address you use to access SquaredUp, for example a DNS alias or alternative binding, you should create two additional SPNs for this address, the shorter address and the fully qualified domain name (FQDN).
-
On a domain controller click on the Start button type:
Command Prompt - Right-click on the Command Prompt icon and click Run as administrator
-
Type:
SETSPN -S HTTP/Hostname domain\SquaredUpAccountWhere
Hostnameis the address you specified in DNS Manager,domainis your domain, andSquaredUpAccountis the domain service account that you set as the SquaredUp application pool identity. - Check that it shows
Updated Object. If it showsDuplicate SPN found, aborting operation!see Troubleshooting Duplicate SPNs -
Once complete, type the following for the fully qualified domain name (FQDN):
SETSPN -S HTTP/Hostname.domain.tld domain\SquaredUpAccountWhere
tldis the top level domain. - Check that it shows
Updated Object. If it showsDuplicate SPN found, aborting operation!see Troubleshooting Duplicate SPNs
For more information see Troubleshooting Kerberos