Are service principal names case sensitive?

Windows systems are mostly case-insensitive but not everything is, so always use the proper case. The SPN identity is a Windows domain user account that has been mapped to the SPN.

What is a service principal name?

A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name.

How do I find my SPN?

To view SPNs (Service Principal Names) registered for a security principal, you can use the Setspn command from the Windows 2003 Support Tools, using the -l parameter and the name of the server. The following example shows the SPNs for a Microsoft Exchange Server system.

How do I set up a service principal name?

SPNs are registered for built-in accounts automatically. However, when you run a service under a domain user account, you must manually register the SPN for the account you want to use. To create an SPN, you can use the SetSPN command line utility.

What is Kerberoasting?

Kerberoasting is one of the most common attacks against domain controllers. It is used to crack a Kerberos hash (a service ticket encrypted with a key derived from the service account's password) using brute-force techniques.

What is the purpose of gMSA?

Group Managed Service Accounts (gMSAs) provide a higher security option for non-interactive applications/services/processes/tasks that run automatically but need a security credential.

How do I fix target principal name is incorrect?

Troubleshooting “The target principal name is incorrect”

  1. Deactivate the service “Key Distribution Center”
  2. Restart Domain Controller.
  3. Start a command-box as administrator and enter the following command:
  4. Restart Domain Controller.
  5. Reset the service “Key Distribution Center” to automatic start and start.

How do I remove a SPN from my service account?

To remove an SPN, use the setspn -d service/name hostname command at a command prompt, where service/name is the SPN that is to be removed and hostname is the actual host name of the computer object that you want to update.

How do I create a gMSA account?

How do I create a gMSA?

  1. Create group of NETID computers to associate with gMSA.
  2. Create gMSA & associate with group from step #1.
  3. Install the gMSA on the computer(s)
  4. Configure the service, IIS app pool, or scheduled task to use the gMSA.
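
The four steps above in PowerShell, as an added example that is not from the original page. It uses the ActiveDirectory and ScheduledTasks modules; the domain (EXAMPLE / example.test), host names, group name, gMSA name, task name and script path are all hypothetical.

```powershell
# Added example. All names below are hypothetical placeholders.
Import-Module ActiveDirectory

$group  = 'gMSA-Web-Hosts'      # group of computers allowed to use the gMSA
$gmsa   = 'gmsaWeb'             # gMSA name (sAMAccountName becomes gmsaWeb$)
$domain = 'example.test'
$hosts  = 'WEB01', 'WEB02'

# Prerequisite: gMSA passwords are derived from a KDS root key.
# Stop early if the forest does not have one yet.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found. Create one with Add-KdsRootKey and allow time for replication.'
}

# Step 1: create the security group and add the computer accounts.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $group -Members ($hosts | ForEach-Object { Get-ADComputer $_ })

# Step 2: create the gMSA. Only members of the group can retrieve its password.
# Restricting the account to AES keeps its service tickets off RC4.
New-ADServiceAccount -Name $gmsa `
    -DNSHostName "$gmsa.$domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $group `
    -KerberosEncryptionType AES128, AES256

# Step 3: run on each member host. Reboot the host first so that its
# Kerberos ticket reflects the new group membership.
Install-ADServiceAccount -Identity $gmsa
if (-not (Test-ADServiceAccount -Identity $gmsa)) {
    throw "Host cannot retrieve the password for $gmsa. Check group membership and reboot."
}

# Step 4: use the gMSA for a scheduled task. No password is supplied;
# -LogonType Password tells the scheduler to fetch it from the domain.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument '-NoProfile -File C:\Scripts\job.ps1'
$trigger   = New-ScheduledTaskTrigger -Daily -At '03:00'
$principal = New-ScheduledTaskPrincipal -UserId "EXAMPLE\$gmsa`$" -LogonType Password
Register-ScheduledTask -TaskName 'NightlyJob' -Action $action `
    -Trigger $trigger -Principal $principal
```

Steps 1 and 2 run once from an administrative workstation; steps 3 and 4 run on each computer that will use the account.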

What permissions are needed to run SetSPN?

To perform the tasks that are described in the following sections, you must have membership in Domain Admins, Enterprise Admins, or you must have been delegated the appropriate authority. For information on delegating the permissions to modify SPNs, see Delegating Authority to Modify SPNs.
