A Service Principal Name (SPN) is an attribute of a user or a computer in the Active Directory environment. SPNs are used to support mutual authentication between a client application and a service using Kerberos without transmitting sensitive authentication data to the service. When a user application connects to a remote service, the user application requests a service ticket from the domain controller (DC). The DC identifies the Kerberos service that is to be used. The Kerberos authentication service searches through the Active Directory to find a matching SPN and issues an appropriate service ticket. Every computer in an Active Directory environment possess at least one SPN. Services such as IIS and SQL Server require SPNs to support Kerberos authentication.
The CCS Application Server and Directory Service require SPNs for successful configuration and functioning. If the SPNs are not configured, the CCS Console and the CCS Web Console sessions cannot authenticate and hence results in CCS operation failure. You must ensure that you plan the user accounts and the service accounts for the Application Server and the Directory Service before you configure the SPNs.
CCS 11.0 provides a batch file containing the Service Principal Names' (SPN) setup script. The SPN script file contains the set SPN commands to set the required SPNs for the CCS components. Provide the script file to the domain administrator to create the Service Principal Names. You can export the batch file during the CCS Suite installation or by using the VerifyDelegation utility located inside the <Install_Directory>\Application Server folder.
The CCS Web Console that uses the Microsoft Internet Information Services also requires a valid SPN. Usually, the IIS SPN is created automatically during the IIS installation. However, in cloned systems the SPNs are not created automatically. Hence, it is important to create and validate the SPNs before installing CCS.