In certain cases you might want to assign Service Principal Names (SPNs) manually, rather than using the Domino utility.

Use of the domspnego utility is recommended when you want to assign Service Principal Names (SPNs) to one account that multipleHCL Domino® servers share, which is best practice. If instead you assign SPNs to a separate account for each Domino server, such as the default Local System account, you might want to collect DNS names manually, and have your Active Directory administrator run setspn.exe manually instead, because this case would require the domspnego utility to be run once for each account used.

Manually recording DNS names to be used in SPNs
If you do not use the domspnego.cmd utility, manually record the DNS names that are shown in URLs that are used to access the Domino server. How you determine which DNS names require SPNs depends on whether your single sign-on configuration is done through Web Site documents or Server documents.

Assigning SPNs using the setspn utility
The Active Directory administrator uses the setspn.exe utility to define the required DNS names in URLs as SPNs in an Active Directory account. To define SPNs in an account, the Active Directory administrator must belong to either the Domain Admins group or Enterprise Admins group or must have the Validated write to service principal name permission.

Related tasks
Manually recording DNS names to be used in SPNs
Assigning SPNs using the setspn utility
Setting up the Windows service for Domino

Related information
Troubleshooting Windows single sign-on for Web clients (SPNEGO)

Help on Help

All Help Contents

Help on Help