Manually recording DNS names to be used in SPNs
If you do not use the domspnego.cmd utility, manually record the DNS names that are shown in URLs that are used to access the Domino® server. How you determine which DNS names require SPNs depends on whether your single sign-on configuration is done through Web Site documents or Server documents.
Recording DNS names using Web Site documents
If your SSO configuration is done through Web Site documents, perform the following steps for each Domino® server you want to configure.
Procedure
- Open the Domino® Directory. view of the
- Open a Web Site document that you administer.
- On the Basics tab, verify that the Domino servers that host this site field shows the name of the Domino® server you are configuring, or a wildcard (*).
- Write down each name listed in the Host names
or addresses mapped to this site field that is associated
with the Domino® server you
are configuring for Windows™ single
sign-on. When recording names, use the fully qualified DNS name format.
For an IP address, write down the fully qualified DNS name that would appear in a URL.
- If a listed host also has an alias, record a host name associated with the alias.
- If an IP sprayer that load balances requests among Domino® servers is used and is not listed, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino® Directory.
Recording DNS names using Server documents
If your SSO configuration is done through Server documents, perform the following steps for each Domino® server you want to configure.
Procedure
- In the Domino® Directory, click and open the Server document for the Domino® server you are configuring.
- Click Multiple Servers (SSO) is selected in the Session authentication field. . Verify that
- Look at the value in the Web SSO Configuration field. You will need to know this value in next step.
- From the Domino® Directory, click . Expand Web SSO Configuration, and open the document associated with the Web SSO Configuration you found in the previous step.
- Look at the Participating Servers field and write down the fully qualified host name of the Domino® server that you administer. To determine the name, look at the Fully qualified Internet host name field in the Server document.
- If a listed host also has an alias, record a host name associated with the alias.
- Close the Web SSO Configuration document.
- From the Hostname field and write down any host name that can be used to access the Domino® server. view, expand the Server document for your server, and then expand and open any virtual host or virtual server documents. Look at the
- If an IP sprayer that load balances requests among Domino® servers is used and is not listed already, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino® Directory.