Hello ,
Yes you are correct
I can successfully archive the key to the internal server, I would confirm our client is looking at the external (YES) and then as mentioned check your site setup/SPNs (UNSURE!).
VRPSCCMIBCM01 is the internal name of the IBCM server.
SCCMInternet is the external name of the IBCM server.
VRPSCCMMS03 is the internal name of the server hosting MBAM.
VRPSCCMPR01 is the internal name of the Primary server for Configuration manager.
VRPSCCMSQL01 is the internal name of the SQL Server for Configuration Manager.
What are the SPN needed?
The Web Application Pool as an Identity “NetworkService”, should it run with a service account instead?
Setspn –s https/helpdesk NetworkService ?
Setspn –s https/selfservice NetworkService?
Setspn –s https/SCCMInternet NetworkService?
Setspn –s https/SCCMInternet.ad NetworkService?
Do we need more?
This is the current SETSPN –Q */VRPSCCMIBCM01
There is nothing for the external name SCCMInternet:
C:\Users\rmppqx>setspn -q */vrpsccmibcm01
Checking domain DC=ad
CN=VRPSCCMIBCM01,OU=No Proxy,OU=App,OU=Windows,OU=MITS Servers,DC=ad
CmRcService/VRPSCCMIBCM01.ad
CmRcService/VRPSCCMIBCM01
WSMAN/VRPSCCMIBCM01.ad
WSMAN/VRPSCCMIBCM01
TERMSRV/VRPSCCMIBCM01.ad
TERMSRV/VRPSCCMIBCM01
RestrictedKrbHost/VRPSCCMIBCM01
HOST/VRPSCCMIBCM01
RestrictedKrbHost/VRPSCCMIBCM01.ad
HOST/VRPSCCMIBCM01.ad
Existing SPN found!
C:\Users\rmppqx>setspn -q */SCCMInternet
Checking domain DC=ad
No such SPN found.
Any idea about the SPN to be added setspn -s ...?
Thanks,
Dom