Confused about SPNs

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Confused about SPNs

Hello, I'm new to troubleshooting Kerberos and a little confused about the
SPN's and hopefully someone could clear things up for me.  I am running in a
Windows 2000 environment using three servers, SQL server, web server (IIS
5.0) and a Terminal Server. I am using a web application going from the TS
server to the Web server, and then to the database server.

On the SQL and TS servers I am getting the following error"0x7 -
KDC_ERR_S_Principal_UNKNOWN : Server not found in Kerberos Database"  both
servers are using local system accounts for IIS and SQL, so the default
SPN's are on the server.  When I do a "setspn -L computer name"  should I
only see information about the local server (local SPN's)?  Or should the
SPN's be pointing to a DC?  I read a lot of information about the SPN's but
I guess I am still confused of how this all work.  Do I need to set IIS and
SQL with a Domain account for the services?

I appreciate any help or clarification

Dave Vitko
[hidden email]

Kerberos mailing list           [hidden email]