Showing posts with label SPN. Show all posts
Showing posts with label SPN. Show all posts

Tuesday 28 June 2022

Register a Service Principle Name (SPN) for MBAM Web Application

When I am working to build MBAM infrastructure and during the MBAM web server setup I got below warnings/errors on MBAM web and setup event logs:

MBAM Event logs:
 
Log Name: Microsoft-Windows-MBAM-Setup/Admin
Task Category: WebProviderWarning
Event ID: 502
Keywords: Configurator,Cmdlet,WebApplication
Web application provider warning.
Description:
Cannot register the Service Principal Name (SPN) "HTTP/MBAMWEB.pj360i.co.uk" on the AppPool account "pj360i\MBAMAppPool". You may not have the required permissions to create the SPN. The SPN must be created for MBAM to function properly. Configure the SPN manually. http://go.microsoft.com/fwlink/?LinkId=390155
Could not set Service Principal Name (SPN) "HTTP/MBAMWEB.pj360i.co.uk". Error 0x21C7.
Could not set Service Principal Name (SPN) "HTTP/recoverykey.pj360i.co.uk". Error 0x2098.

Log Name: Microsoft-Windows-MBAM-Web/Admin
Task Category: WebAppSpnError
Event ID: 1
Keywords: Spn,WebApplication
Application: Microsoft BitLocker Administration and Monitoring/ServiceDesk is missing the following Service Principal Names (SPNs): http/HTTP/MBAMWEB.pj360i.co.uk
Application: Microsoft BitLocker Administration and Monitoring/SelfService is missing the following Service Principal Names (SPNs):
http/HTTP/MBAMWEB.pj360i.co.uk
Register the required SPNs on the account: MBAMAppPool.
For more information go to: http://go.microsoft.com/fwlink/?LinkId=526511

Register a Service Principle Name (SPN) for MBAM Web Application

When using the setspn command to add SPNs, the SPN must be specified correctly. The format of an HTTP SPN is http/host. The following is the command syntax for using the SetSPN tool to create an SPN for the service/server:

Syntax: Setspn -s http/<computer-name>.<domain-name> <domain-user-account>

Steps to register SPN:

1. Log in as domain administrator to the domain controller.
2. Launch the Command Prompt window.
3. Copy the following command, substituting placeholder values with actual data:
        Setspn -s http/<computer-name>.<domain-name> <domain-user-account>

    In my case: Setspn -s http/MBAMWEB.pj360i.co.uk pj360i\MBAMAppPool
4. Execute the command.
at No comments:
Labels: , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)

FREE Cybersecurity Certifications

Here's 15 FREE courses provided by the Qualys. The cybersecurity firm Qualys focuses on providing cloud-based security and compliance so...