How can I view SPNs for a server?
May 21, 2007
A. To view SPNs (Service Principal Names) registered for a security principal, you can use the Setspn command from the Windows 2003 Support Tools, using the -l parameter and the name of the server. The following example shows the SPNs for a Microsoft Exchange Server system.
C:>setspn -l dalsxc01
Registered ServicePrincipalNames for
CN=DALSXC01,OU=Servers,DC=savilltech,DC=net:
MSSQLSvc/dalsxc01.savilltech.net
exchangeMDB/dalsxc01.savilltech.net
exchangeMDB/DALSXC01
exchangeRFR/dalsxc01.savilltech.net
exchangeRFR/DALSXC01
SMTPSVC/DALSXC01
SMTPSVC/dalsxc01.savilltech.net
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dalsxc01.savilltech.net
DNS/dalsxc01.savilltech.net
HOST/dalsxc01.savilltech.net/
HOST/DALSXC01
HOST/dalsxc01.savilltech.net
HOST/dalsxc01.savilltech.net/savilltech.net
The format of an SPN should be "service type"/"instance name":"port"/"service name." If the service name and type are the same, you can leave the service name off the end--for example, "service type"/"instance name":"port." If the port is the default for the service type, it can be left off, too--for example, "service type"/"instance name."
About the Author
You May Also Like