Overview
Typically, SPN entries are generated by the service automatically. Occasionally you may need to register an SPN manually.
Setspn.exe is a command line tool that enables you to read, modify, and delete the Service Principal Names (SPN) directory property. This tool also enables you to view the current SPNs, reset the account's default SPNs, and add or delete supplemental SPNs.
- what service is it for
- which name will be used to access it
- what port is it running at.
For most services this is straightforward, but Internet Explorer as a web browsing client complicates this. IE6, IE7 and IE8 still ignore the port entered in the address bar. They even ignore the name if it is a CNAME record.
Make sure to use ping or nslookup whenever troubleshooting your SPNs. They will show you whether, and how, the name you registered the service under is reachable.
Using Setspn.exe
The following example illustrates the syntax used to manually register an SPN for a TCP/IP connection:
setspn -A MSSQLSvc/myhost.redmond.microsoft.com:1433 accountname
Note: If an SPN already exists, it must be deleted before it can be reregistered. You do this by using the Setspn.exe command together with the -D switch.
The following examples illustrate how to manually register a new instance-based SPN. For a default instance, use:
setspn -A MSSQLSvc/myhost.redmond.microsoft.com accountname
For a named instance, use:
setspn -A MSSQLSvc/myhost.redmond.microsoft.com:instancename accountname
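The steps above (check name resolution, look for an existing registration, delete it if needed, then register) can be combined into one script. This is an added example, not part of the original page; it assumes a domain-joined machine where Resolve-DnsName and the [adsisearcher] accelerator are available, and the SPN and account name are the page's placeholders.

```powershell
# Added example, not from the original page.
param(
    [string]$Spn     = 'MSSQLSvc/myhost.redmond.microsoft.com:1433',  # SPN used on the page
    [string]$Account = 'accountname'                                   # placeholder from the page
)

# Split the SPN into service class, host name and optional port or instance name.
if ($Spn -notmatch '^(?<class>[^/]+)/(?<host>[^:/]+)(:(?<suffix>.+))?$') {
    throw "Not a <service>/<host>[:<port or instance>] SPN: $Spn"
}
$hostName = $Matches['host']

# Check that the name in the SPN resolves (the ping/nslookup advice), and flag CNAMEs.
$dns = Resolve-DnsName -Name $hostName -ErrorAction Stop
if ($dns | Where-Object { $_.Type -eq 'CNAME' }) {
    Write-Warning "$hostName is a CNAME record; IE6-IE8 ignore the name when it is a CNAME."
}

# Find every account that already holds this exact SPN.
$holders = @(([adsisearcher]"(servicePrincipalName=$Spn)").FindAll() |
    ForEach-Object { [string]$_.Properties['samaccountname'][0] })

if ($holders -contains $Account) {
    Write-Output "$Spn is already registered on $Account; nothing to do."
}
elseif ($holders.Count -gt 0) {
    # The SPN must be deleted from its current holder before it can be reregistered.
    # Print the command instead of running it, so the change is reviewed first.
    foreach ($holder in $holders) {
        Write-Warning "$Spn is registered on $holder. Remove it first: setspn -D $Spn $holder"
    }
}
else {
    setspn -A $Spn $Account
}

# Show the SPNs now present on the target account.
setspn -L $Account
```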