2

I registered a domain account as an HTTP SPN earlier today before realising that it would break my Network Service app pools, so I then deleted those registrations for the domain account.

I think I now need to add Network Service back as an SPN to get those app pools working again for Windows Authentication. What is the syntax to do this? I can't work out what the Network Service account is actually called in setspn syntax.

Thanks!

anna
  • 23
  • 1
  • 5

1 Answers1

-2

You can reset the computer to use the default SPNs by using this command:

setspn -R hostname

hostname is the actual host name of the computer object that you want to update.

To verify the existing SPNs you can use:

setspn -L hostname

Soundlink
  • 3,915
  • 2
  • 28
  • 36
  • Specifying the hostname as the user account is the correct thing to do for network service account. - the [LINK](https://support.microsoft.com/en-gb/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on) documentation (microsoft) says "The HOST service represents the host computer. The Kerberos protocol uses the HOST SPN to access the host computer. ... "Therefore, when you use the default HTTP service class, the Kerberos protocol uses the computer account as the service account to request a service ticket.” – stuartm9999 Jun 04 '18 at 10:16