Topic last updated -- August 2007

A Service Principal Name (SPN) is the name by which a client uniquely identifies an instance of a service and allows it to authenticate the account running the service using Kerberos authentication. Kerberos is a mutual authentication mechanism used to verify user or host identity in Windows networks.

Configuration Manager site database servers and management point site systems configured as part of network load balancing (NLB) clusters in mixed mode sites require an SPN to be registered in Active Directory Domain Services to allow clients to authenticate them to perform Configuration Manager processes. Without registering an SPN for these site systems, clients and other site systems will not be able to perform Kerberos authentication and communication may fail.

SQL Server computers configured to use the local system account to run the SQL Server service automatically register an SPN in Active Directory Domain Services.

See Also