Verify which Service Principal Names (SPN) are Registered with Active Directory for a Computer

search cancel

Verify which Service Principal Names (SPN) are Registered with Active Directory for a Computer

book

Article ID: 234893

calendar_today

Updated On:

Products

Client Management Suite

Issue/Introduction

You are trying to verify which Service Principal Names (SPN) are Registered with Active Directory for a Computer.

Note: Sometimes, you have noticed that client machines may have a hard time registering due to some validations:

Error note: Authentication failed, response to server challenge denied, check credentials are correct, error: The logon attempt failed (0x8009030C)

Environment

ITMS 8.x

Resolution

To check the SPNs that are registered for a specific computer using that computer, you can run the following commands from a command prompt:

setspn -L hostname - Substitute the actual hostname for the computer for hostname (to see the hostname, type hostname as a command prompt).
For example, if you typed hostname at the command prompt and the computer reported the name ContosoDC1, you could then type setspn -L contosoDC1 to see what SPNs are registered for that hostname.

setspn -L localhost - This command will check registrations for the account localhost, which is a name indicative of the local computer.

Source: Service Principal Names (SPN): SetSPN Syntax

Additional Information

January Cumulative Security updates prevent endpoints from registering to task server

Feedback

thumb_up Yes

thumb_down No