it:ad:setspn:issues:host_headers

IT:AD:SetSPN:Issues:Host Headers

Situation

You're offering some form of service (eg: WCF .svc) from a website in IIS accessible via a *host header.

Solution

  • Ensure the Virtual Directory is running under the correct AppPool.
    • Note that if you use Visual Studio to set up the VD (using the button in Properties/Web) it will not create the VD, but won't hook it up to the right AppPool.
  • You won't be able to access the service from another computer using a host headers file unless both computers (server/client) have a HOST file entry for the server
  • You will not be able to access the server using Kerberos unless an SPN has been entered. Try something like:

Example: 

setspn -A HTTP/{HOST_HEADER} {NETBIOS_COMPUTER_NAME}
setspn -A HTTP/myapp.myclient.local iisServerV1

Reference: http://support.microsoft.com/kb/929650

  • An alternate that I've heard several times is to use a second A record rather than a CN….hearsay for now.
  • /home/skysigal/public_html/data/pages/it/ad/setspn/issues/host_headers.txt
  • Last modified: 2023/11/04 01:56
  • by 127.0.0.1