Overview
If you have configured Windows authentication but use an alternative address to access SquaredUp which is not the server name, then you will need to configure SPNs for that address, as described in this article.
When to use this article
This article applies if:
- You want to enable Windows authentication (single sign-on)
- SquaredUp is not installed on SCOM management servers
- You have another address you use to access SquaredUp, for example a DNS alias or alternative binding, which is not the SquaredUp server name.
If you use a load balancer there are also other steps to consider, see How to configure Windows authentication when SquaredUp is installed on load balanced servers
Procedure
If you have another address you use to access SquaredUp, for example a DNS alias or alternative binding, you should create two additional SPNs for this address, the shorter address and the fully qualified domain name (FQDN).
-
On a domain controller click on the Start button type:
Command Prompt
- Right-click on the Command Prompt icon and click Run as administrator
-
Type:
SETSPN -S HTTP/Hostname domain\SquaredUpAccount
Where
Hostname
is the address you specified in DNS Manager,domain
is your domain, andSquaredUpAccount
is the domain service account that you set as the SquaredUp application pool identity. - Check that it shows
Updated Object
. If it showsDuplicate SPN found, aborting operation!
see Troubleshooting Duplicate SPNs -
Once complete, type the following for the fully qualified domain name (FQDN):
SETSPN -S HTTP/Hostname.domain.tld domain\SquaredUpAccount
Where
tld
is the top level domain. - Check that it shows
Updated Object
. If it showsDuplicate SPN found, aborting operation!
see Troubleshooting Duplicate SPNs
For more information see Troubleshooting Kerberos