Are extra SPNs required when adding new AAMs to SharePoint 2013 Web Apps and HNSC?

Dean-1015 51 Reputation points
2021-07-02T06:29:12.59+00:00

We are adding some Alternative Access Mappings (AAM) to some of our Web Apps and Host Named Site Collections (HNSC).

Do we need to add additional SPNs to the Service Accounts running these sites for the new AAMs?

Authentication settings for the Web Apps is Kerberos, but the new AAMs seem to be defaulting to NTLM. Should I assume that the additional SPNs would fix this?

Extra info: Some of the AAMs will be used for access to the environment via our Azure Application Proxy.

Thanks.

SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,942 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CaseyYang-MSFT 10,436 Reputation points
    2021-07-05T09:50:27.95+00:00

    Hi @Dean-1015

    Per my research, you could add the SPN for the web application url if you want the new AAMs' authentication settings to be Kerberos as well. And you have to delegate trust. Then change the Web application's authentication settings from NTLM to Kerbros.

    References:
    https://danishrazzak.blogspot.com/2016/01/change-sharepoint-2013-default-ntlm.html
    https://sharepoint.stackexchange.com/questions/220759/how-to-change-the-ntlm-to-kerberos-authentication-in-sharepoint-2013
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.