August 16, 2018 at 8:11 am
Hello,
Does anyone know if you need to register both the DNS address of a server and the hostname of the server. We are seeing untrusted domain messages on a few of our servers and in most cases the servers DNS name is used to reach the server. However some application and users use the hostname and there are variations among our environment where sometimes it's just one or the other type of address that's been registered. Has anyone seen something like this?
August 20, 2018 at 1:58 pm
Do you mean IP vs hostname? DNS addresses defines the hostname, this is why I'm asking.
Could you illustrate an example of what you are seeing?
This question would most likely be best served in a forum about windows domain controllers, but I'd be glad to fill in my 2 cents if you give some more details.
August 20, 2018 at 3:04 pm
I you want double hops to work with Kerberos (Linked servers) you need the SPN (Service Principal Name) registered. DNS is for name resolution, a different function, so you need that too. An SPN allows Kerberos to pass a token from server to server forwarding AD credentials.
August 21, 2018 at 7:17 am
Ok - so it sounds like I only need to register the FQDN and not the dns name with SETSPN.
August 21, 2018 at 1:03 pm
To use DNS for the server you need to register those as SPNs as well if you want creds passed using that name to connect.
August 21, 2018 at 1:59 pm
Ok thanks!
How do I mark this as closed?
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply