SECURING
If you do not use the domspnego.cmd utility, manually record the DNS names that are shown in URLs that are used to access the Domino® server. How you determine which DNS names require SPNs depends on whether your single sign-on configuration is done through Web Site documents or Server documents.
Parent topic: Assigning SPNs without using the domspnego utility
Recording DNS names using Web Site documents
If your SSO configuration is done through Web Site documents, perform the following steps for each Domino server you want to configure.
Procedure
1. Open the Web -> Internet Sites view of the Domino Directory.
2. Open a Web Site document that you administer.
3. On the Basics tab, verify that the Domino servers that host this site field shows the name of the Domino server you are configuring, or a wildcard (*).
4. Write down each name listed in the Host names or addresses mapped to this site field that is associated with the Domino server you are configuring for Windows™ single sign-on. When recording names, use the fully qualified DNS name format.
6. If an IP sprayer that load balances requests among Domino servers is used and is not listed, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino Directory.
Recording DNS names using Server documents
If your SSO configuration is done through Server documents, perform the following steps for each Domino server you want to configure.
1. In the Domino Directory, click Configuration -> Servers -> All Server Documents and open the Server document for the Domino server you are configuring.
2. Click Internet Protocols -> Domino Web Engine. Verify that Multiple Servers (SSO) is selected in the Session authentication field.
3. Look at the value in the Web SSO Configuration field. You will need to know this value in next step.
4. From the Domino Directory, click Configuration -> Web -> Web Configurations. Expand Web SSO Configuration, and open the document associated with the Web SSO Configuration you found in the previous step.
5. Look at the Participating Servers field and write down the fully qualified host name of the Domino server that you administer. To determine the name, look at the Fully qualified Internet host name field in the Server document.
6. If a listed host also has an alias, record a host name associated with the alias.
7. Close the Web SSO Configuration document.
8. From the Configuration -> Servers -> All Server Documents view, expand the Server document for your server, and then expand and open any virtual host or virtual server documents. Look at the Hostname field and write down any host name that can be used to access the Domino server.
9. If an IP sprayer that load balances requests among Domino servers is used and is not listed already, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino Directory.
Related tasks Creating a Web SSO configuration document Deciding which accounts to assign the SPNs to Setting up the Windows service for Domino
Related information Troubleshooting Windows single sign-on for Web clients (SPNEGO)