Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Register the AD FS server as a service principal name (SPN)

Applies To: CRM 2015 on-prem

A service principal name, also known as an SPN, is a name that uniquely identifies an instance of a service. Ensuring that the correct SPNs are set becomes important when applications such as Microsoft Dynamics CRM, Microsoft SQL Server Reporting Services, and Microsoft SQL Server are split onto multiple servers. When these applications are split across servers, the users' credentials must be passed from one server to another. This process, known as Kerberos delegation, allows a service to impersonate your credentials to another server.

For more information on SPNs, see: Configuring service principal names (SPNs)

  1. Rerun the Configure Claims-Based Authentication Wizard and advance to the Specify the security token service page. Note the AD FS server in the Federation metadata URL (for example, sts1.contoso.com).

  2. Open a command prompt.

  3. Type the following commands: (replace your data in the example command below)

    • c:\>setspn -s http/sts1.contoso.com contoso\crmserver$

      If you’ve deployed AD FS on a second server, replace crmserver$ with adfsserver$ in the above sample command. Adfsserver is the name of the server running AD FS.

    • c:\>iisreset

See Also

Send comments about this article to Microsoft.

© 2015 Microsoft. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft