Manually recording DNS names to be used in SPNs

If you do not use the domspnego.cmd utility, manually record the DNS names that are shown in URLs that are used to access the Domino® server. How you determine which DNS names require SPNs depends on whether your single sign-on configuration is done through Web Site documents or Server documents.

Recording DNS names using Web Site documents

If your SSO configuration is done through Web Site documents, perform the following steps for each Domino® server you want to configure.

Procedure

  1. Open the Web > Internet Sites view of the Domino® Directory.
  2. Open a Web Site document that you administer.
  3. On the Basics tab, verify that the Domino servers that host this site field shows the name of the Domino® server you are configuring, or a wildcard (*).
  4. Write down each name listed in the Host names or addresses mapped to this site field that is associated with the Domino® server you are configuring for Windows single sign-on. When recording names, use the fully qualified DNS name format.

    For an IP address, write down the fully qualified DNS name that would appear in a URL.

  5. If a listed host also has an alias, record a host name associated with the alias.
  6. If an IP sprayer that load balances requests among Domino® servers is used and is not listed, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino® Directory.

Recording DNS names using Server documents

If your SSO configuration is done through Server documents, perform the following steps for each Domino® server you want to configure.

Procedure

  1. In the Domino® Directory, click Configuration > Servers > All Server Documents and open the Server document for the Domino® server you are configuring.
  2. Click Internet Protocols > Domino Web Engine. Verify that Multiple Servers (SSO) is selected in the Session authentication field.
  3. Look at the value in the Web SSO Configuration field. You will need to know this value in next step.
  4. From the Domino® Directory, click Configuration > Web > Web Configurations. Expand Web SSO Configuration, and open the document associated with the Web SSO Configuration you found in the previous step.
  5. Look at the Participating Servers field and write down the fully qualified host name of the Domino® server that you administer. To determine the name, look at the Fully qualified Internet host name field in the Server document.
  6. If a listed host also has an alias, record a host name associated with the alias.
  7. Close the Web SSO Configuration document.
  8. From the Configuration > Servers > All Server Documents view, expand the Server document for your server, and then expand and open any virtual host or virtual server documents. Look at the Hostname field and write down any host name that can be used to access the Domino® server.
  9. If an IP sprayer that load balances requests among Domino® servers is used and is not listed already, write down its fully qualified name. An IP sprayer configuration may be done outside the Domino® Directory.