SPN | Application | URL Reference |
{14E52635-0A95-4a5c-BDB1-E0D0C703B6C8} | ||
{54094C05-F977-4987-BFC9-E8B90E088973} | Graphon | http://www.graphon.com/files/GGWH4_Admin_Guide.pdf |
AcronisAgent | Acronis backup/data recovery software | |
AdtServer | Microsoft System Center Operations Manager (2007/2012) Management Server with ACS | http://blogs.technet.com/b/jonathanalmquist/archive/2008/08/14/operations-manager-2007-spn-s.aspx |
afpserver | Apple Filing Protocol | http://en.wikipedia.org/wiki/Apple_Filing_Protocol |
AFServer | Pi AF Server | https://livelibrary.osisoft.com/LiveLibrary/content/en/server-v2/GUID-AF6629ED-F956-4E41-B69E-D441A613785C |
Agent VProRecovery Norton Ghost 12.0 | VProRecovery Norton Ghost 12.0 | |
AgpmServer | Microsoft Advanced Group Policy Management (AGPM) | http://technet.microsoft.com/en-us/library/ee390978.aspx |
aradminsvc | Quest Active Roles Server | https://support.oneidentity.com/technical-documents/active-roles/7.0/administrator-guide/24 |
Backup Exec System Recovery Agent 6.x | Backup Exec System Recovery Agent 6.x | |
BICMS | SAP Business Objects | https://blogs.sap.com/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4/ |
BO3SSO | Business Objects? | |
BOCMS | SAP Business Objects | https://blogs.sap.com/2013/11/25/business-objects-ad-authentication-with-kerberos-with-multiple-domains/ |
BOSSO | Business Objects | http://scn.sap.com/thread/2006267 |
CAXOsoftEngine | CA XOsoft Exchange Replication | |
CAARCserveRHAEngine | CA ArcServe | |
CESREMOTE | seems to be related to a Citrix VDI solution on VMWare. Many VDI workstations have this SPN. | |
CIFS | Common Internet File System | http://technet.microsoft.com/en-us/library/cc939973.aspx |
ckp_pdp | Checkpoint Identity | https://sc1.checkpoint.com/documents/R76/CP_R76_IdentityAwareness_AdminGuide/63005.htm |
CmRcService | Microsoft System Center Configuration Manager (SCCM) Remote Control | |
Cognos | IBM Cognos | https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.0.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_inst_sso_active_drctry_constrained_del.html |
CUSESSIONKEYSVR | Cisco Unity VOIP System | |
cvs | CVS Repository | |
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04 | Distributed File System Replication | |
DNS | Domain Name Server | http://en.wikipedia.org/wiki/Domain_Name_System |
DynamicsNAV | Microsoft Dynamics? | |
E3514235-4B06-11D1-AB04-00C04FC2DCD2 | NTDS DC RPC Replication | http://www.eventid.net/display-eventid-1645-source-NTDS%20Replication-eventno-351-phase-1.htm |
E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM | Microsoft ADAM Instance | http://technet.microsoft.com/en-us/library/cc776694%28v=ws.10%29.aspx |
exchangeAB | Exchange Address Book service (typically a Domain Controller supporting NSPI, which is usually all GCs) | http://technet.microsoft.com/en-us/library/ff808312%28v=exchg.141%29.aspx |
exchangeMDB | RPC client access – Client Access Server role | http://technet.microsoft.com/en-us/library/ff808312%28v=exchg.141%29.aspx |
exchangeRFR | Exchange Address Book service | http://technet.microsoft.com/en-us/library/ff808312%28v=exchg.141%29.aspx |
EDVR | ExacqVision | https://www.exacq.com/auto/manspec/files/5fea24a1-ad10-9c14-355a-5361ef928482.pdf?rand=9.944301796145737 |
fcsvr | Apple Final Cut Server | |
FIMService | Microsoft Forefront Identity Manager (FIM) | http://technet.microsoft.com/en-us/library/jj134299%28v=ws.10%29.aspx |
FileRepService | WSFileRepService.exe ? | http://msdn.microsoft.com/en-us/library/windows/desktop/dd323324%28v=vs.85%29.aspx |
ftp | File Transfer Protocol | http://en.wikipedia.org/wiki/File_Transfer_Protocol |
flume | Clodera Flume | https://www.cloudera.com/documentation/enterprise/5-6-x/topics/cdh_sg_flume_security.html |
gateway | Hadoop Knox | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
GC | Domain Controller Global Catalog services | http://msdn.microsoft.com/en-us/library/dd207688.aspx |
hbase | Cloudera Hbase | https://www.cloudera.com/documentation/enterprise/5-7-x/topics/cdh_sg_hbase_authentication.html |
HBase | Hadoop MasterServer | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
hdb | Hana DB | https://blogs.sap.com/2018/02/24/single-sign-on-sso-configuration-for-hana-db-using-kerberos/ |
hdfs | Hadoop | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
hive | Hadoop Metastore | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
host | The HOST service represents the host computer. The HOST SPN is used to access the host computer account whose long term key is used by the Kerberos protocol when it creates a service ticket. | http://msdn.microsoft.com/en-us/library/ff649429.aspx |
HTTP | SPN for http web services that support Kerberos authentication | |
httpfs | Hadoop HDFS over HTTP | https://hadoop.apache.org/docs/r2.4.1/hadoop-hdfs-httpfs/index.html |
https | SPN for http web services that support Kerberos authentication | |
Hue | Hadoop Hue Interface | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
Hyper-V Replica Service | Microsoft Hyper-V’s Replica Service | |
iem | IBM BigFix | https://www.ibm.com/developerworks/community/forums/html/topic?id=0e650054-30e4-4bef-ba18-344bb00cd503 |
IMAP | Internet Message Access Protocol | http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol |
IMAP4 | Internet Message Access Protocol version 4 | http://technet.microsoft.com/en-us/magazine/2006.03.howitworksimap4.aspx |
impala | Cloudera Impala | https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_kerberos.html |
ImDmsSvc | Worksite (Imanage) Server | https://www.scribd.com/document/221190593/Worksite-Server-Administrators-Guide-8-5-for-Imanage-server |
ipp | Internet Printing Protocol | http://technet.microsoft.com/en-us/library/cc757981%28v=ws.10%29.aspx |
iSCSITarget | iSCSI Configuration | http://technet.microsoft.com/en-us/library/ee338480%28v=ws.10%29.aspx |
jboss | RedHat Jboss | https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html-single/how_to_setup_sso_with_kerberos/index |
JournalNode Server | Hadoop JournalNode | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
kadmin | Kerberos | http://technet.microsoft.com/en-us/library/bb742433.aspx |
Kafka | Hadoop KafkaServer | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
kafka | Apache Kafka | http://www.gi-architects.co.uk/2016/10/building-a-kerberised-via-ad-and-tlsssl-enabled-apache-kafka-cluster/ |
kudu | Apache Kudu | |
kafka_mirror_maker | Apache Kafka | |
krbsvr400 | IBM OS/400 | https://www-01.ibm.com/software/webservers/hostondemand/library/v8infocenter/hod/en/tutorials/webexpress/scenario3_enableOS400_p1.html |
ldap | LDAP service such as on a Domain Controller or ADAM instance. | http://support.microsoft.com/kb/837513 |
LiveState Recovery Agent 6.x | Symantec LiveState Recovery | http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_livestate_recovery_6.0_08-2005.en-us.pdf |
magfs | Maginatics MagFS | http://downloads.maginatics.com/MaginaticsMagFSTechnicalWhitepaper.pdf |
mapred | Cloudera Map reduce | http://www.cloudera.com/documentation/archive/cdh/4-x/4-7-1/CDH4-Security-Guide/cdh4sg_topic_3_4.html |
M-Files | M-Files? | https://www.m-files.com/en |
Microsoft Virtual Console Service | HyperV Host | http://blogs.technet.com/b/matthts/archive/2012/06/10/configuring-kerberos-constrained-delegation-for-hyper-v-management.aspx |
Microsoft Virtual System Migration Service | P2V Support (Hyper-V) | http://www.hyper-v.nu/archives/pnoorderijk/2013/03/microsoft-virtual-system-migration-serviceservice-is-missing/ |
mongod | MongoDB Enterprise | http://docs.mongodb.org/manual/core/kerberos/ |
mongos | MongoDB Enterprise | http://docs.mongodb.org/manual/core/kerberos/ |
mr2 | Hadoop History Server | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
MSClusterVirtualServer | Windows Cluster Server | http://support.microsoft.com/kb/302389 |
MSCRMAsyncService | Microsoft Dynamics 365 | https://technet.microsoft.com/en-us/library/hh699825.aspx |
MSCRMSandboxService | Microsoft Dynamics 365 | https://technet.microsoft.com/en-us/library/hh699825.aspx |
MSOLAPDisco.3 | SQL Server Analysis Services | http://support.microsoft.com/kb/917409 |
msolapdisco3 | SQL Server Analysis Services | http://support.microsoft.com/kb/917409 |
MSOLAPSvc | SQL Server Analysis Services | http://support.microsoft.com/kb/917409 |
MSOLAPSvc.3 | SQL Server Analysis Services | http://support.microsoft.com/kb/917409 |
MSOMHSvc | Micrsoft SCOM 2012 | https://blogs.technet.microsoft.com/kevinholman/2011/08/08/opsmgr-2012-what-should-the-spns-look-like/ |
MSOMSdkSvc | Micrsoft SCOM 2012 | https://blogs.technet.microsoft.com/kevinholman/2011/08/08/opsmgr-2012-what-should-the-spns-look-like/ |
MSServerCluster | Windows Cluster Server | http://support.microsoft.com/kb/302389 |
MSServerClusterMgmtAPI | This SPN is needed for cluster APIs to authenticate to the server by using Kerberos | |
MSSQL | Microsoft SQL Server | http://msdn.microsoft.com/en-us/library/ms191153.aspx |
MSSQL$ADOBECONNECT | Microsoft SQL Server supporting Adobe Connect | |
MSSQL$BIZTALK | Microsoft SQL Server supporting Microsoft Biztalk Server | |
MSSQL$BUSINESSOBJECTS | Microsoft SQL Server supporting Business Objects | |
MSSQL$DB01NETIQ | Microsoft SQL Server supporting NetIQ | |
MSSQLSvc | Microsoft SQL Server | http://msdn.microsoft.com/en-us/library/ms191153.aspx |
NAV2016 | Microsoft Dynamics NAV | |
nfs | Network File System | http://blogs.technet.com/b/filecab/archive/2012/10/09/how-to-nfs-kerberos-configuration-with-linux-client.aspx |
Norskale | Citrix Infrastructure | https://docs.citrix.com/en-us/workspace-environment-management/current-release/install-and-configure/infrastructure-services.html |
NPPolicyEvaluator | Quest Change Auditor | |
NPRepository4(DEFAULT) | Quest Change Auditor | https://support.quest.com/change-auditor/kb/97153/how-to-move-the-service-principal-name-spn-from-computer-object-to-a-domain-user |
NPRepository4(*) | Quest Change Auditor | https://support.quest.com/change-auditor/kb/97153/how-to-move-the-service-principal-name-spn-from-computer-object-to-a-domain-user |
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232 | NT File Replication Service | http://en.wikipedia.org/wiki/File_Replication_Service |
oozie | Hadoop Oozie Server | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
OA60 | OpenAccess (sometimes) | https://knowledgebase.progress.com/articles/Article/9903 |
oracle | Oracle Kerberos auth | https://bjornnaessens.wordpress.com/2012/12/21/configuring-kerberos-for-oracle-databases-11-2-with-win2008r2-ad/ |
pcast | Apple Podcast Producer | |
PCNSCLNT | Automated Password Synchronization Solution (MIIS 2003 & FIM) | http://technet.microsoft.com/en-us/library/cc720654%28v=ws.10%29.aspx |
PIServer | Pi AF Server | https://livelibrary.osisoft.com/LiveLibrary/content/en/server-v2/GUID-AF6629ED-F956-4E41-B69E-D441A613785C |
POP | Post Office Protocol | |
POP3 | Post Office Protocol version 3 | |
PVSSoap | Citrix Provisioning Services (7.1) | http://support.citrix.com/proddocs/topic/provisioning-7/pvs-install-task1-plan-6-0.html |
postgres | Postgres database server | https://serverfault.com/questions/225428/how-to-set-the-spn-for-postgres-sspi |
RestrictedKrbHost | The class of services that use SPNs with the serviceclass string equal to “RestrictedKrbHost”, whose service tickets use the computer account’s key and share a session key. | http://msdn.microsoft.com/en-us/library/dd973891.aspx |
RPC | Remote Procedure Call | |
SAP | SAP/SAPService |
http://help.sap.com/saphelp_nwsso20/helpdata/en/57/a3f6afc2eb4aea8d2a31f6482f09f3/content.htm?frameset=/en/15/561fdb7eab4f5d9bf2c6c1d6829373/frameset.htm¤t_toc=/en/ba/a0222bf5da4ed3a655eaef1e4a3b60/plain.htm&node_id=128 |
SAPService | SAP/SAPService |
http://help.sap.com/saphelp_nwsso20/helpdata/en/57/a3f6afc2eb4aea8d2a31f6482f09f3/content.htm?frameset=/en/15/561fdb7eab4f5d9bf2c6c1d6829373/frameset.htm¤t_toc=/en/ba/a0222bf5da4ed3a655eaef1e4a3b60/plain.htm&node_id=128 |
SAS | SAS 9.3 Intelligence Platform | https://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#n1d1zo1jsf2o0en1ehu4c4simfky.htm |
SCVMM | Micrsoft System Center Virtual Machine Manager (SCVMM) | https://docs.microsoft.com/en-us/system-center/vmm/plan-install?view=sc-vmm-1807 |
SQLAgent$DB01NETIQ | SQL service for NetIQ | |
secshd | IBM InfoSphere | |
SeapineLicenseSvr | Helix ALM | |
sentry | Cloudera Enterprise 5.2.x | |
sip | Session Initiation Protocol | http://msdn.microsoft.com/en-us/library/cc246225.aspx |
SMTP | Simple Mail Transfer Protocol | http://technet.microsoft.com/en-us/library/aa995897%28v=exchg.80%29.aspx |
SMTPSVC | Simple Mail Transfer Protocol | http://technet.microsoft.com/en-us/library/aa995897%28v=exchg.80%29.aspx |
SoftGrid | Microsoft Application Virtualization (App-V) formerly “SoftGrid” | http://blogs.technet.com/b/appv/archive/2008/08/21/how-to-configure-the-app-v-management-server-service-to-run-as-a-service-account.aspx |
solr | Apache Solr | |
spark | Apache Spark Server | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.4/bk_spark-component-guide/content/configuring-kerb.html |
informatica | Informatica | https://kb.informatica.com/faq/7/Pages/2/158917.aspx |
Storm | Hadoop Nimbus server | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
STS | VMWare SSO service | http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2058298 |
tapinego | Associated with routing applications such as Microsoft firewalls (ISA, TMG, etc) | |
TERMSERV | Microsoft Remote Desktop Protocol Services, aka Terminal Services. | http://technet.microsoft.com/en-us/library/ee891066%28v=ws.10%29.aspx |
TERMSRV | Microsoft Remote Desktop Protocol Services, aka Terminal Services. | http://technet.microsoft.com/en-us/library/ee891066%28v=ws.10%29.aspx |
tnetdgines | Juniper Kerberos auth? “Tnetd is a daemon used for internal communication between different components like Routing Engine and Packet Forwarding En | |
VCSClusterVirtualServer | Microsoft Cluster Server | |
VMMSvc | Micrsoft System Center Virtual Machine Manager (SCVMM) | |
vmrc | Microsoft Virtual Server 2005 | http://support.microsoft.com/kb/890893 |
vnc | VNC Server | VNC Server |
vpn | Virtual Private Network | |
VProRecovery Backup Exec System Recovery Agent 7.0 | ||
VProRecovery Backup Exec System Recovery Agent 8.0 | ||
VProRecovery Backup Exec System Recovery Agent 8.5 | ||
VProRecovery Backup Exec System Recovery Agent 9.0 | ||
VProRecovery Norton Ghost Agent 12.0 | ||
VProRecovery Norton Ghost Agent 14.0 | ||
VProRecovery Norton Ghost Agent 15.0 | ||
VProRecovery Symantec System Recovery Agent 10.0 | ||
VProRecovery Symantec System Recovery Agent 11.0 | ||
VProRecovery Symantec System Recovery Agent 11.1 | ||
VProRecovery Symantec System Recovery Agent 14.0 | ||
vssrvc | Microsoft Virtual Server (2005) | http://support.microsoft.com/kb/890893 |
WSMAN | Windows Remote Management (based on WS-Management standard) service | http://blogs.technet.com/b/jonjor/archive/2009/01/09/winrm-windows-remote-management-troubleshooting.aspx |
xgrid | Apple’s distributed (grid) computing / Mac OS X 10.6 Server Admin | http://en.wikipedia.org/wiki/Xgrid |
xmpp | Extensible Messaging and Presence Protocol (Jabber) | http://en.wikipedia.org/wiki/XMPP |
yarn | Hadoop NodeManager | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
yarn | Cloudera MapReduce | Cloudera MapReduce |
Zeppelin | Hadoop Zeppelin Server | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
ZooKeeper | Hadoop ZooKeeper | https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/creating_service_principals_and_keytab_files_for_hdp.html |
zookeeper | Cloudera Zookeeper | http://www.cloudera.com/documentation/cdh/5-1-x/CDH5-Security-Guide/cdh5sg_zookeeper_security.html |
NOTE: Domain Controllers automatically map common SPNs to the “HOST” SPN.
The HOST SPN is automatically added to the ServicePrincipalName attribute for all computer accounts when the computer is joined to the domain.
The Domain Controller SPN mapping is controlled by the attribute “SPNMappings” in the following location: “CN=Directory Service,CN=WindowsNT,CN=Services,CN=Configuration”
The following SPNs are automatically mapped to HOST (SPNMapping property value):
- alerter
- appmgmt
- cisvc
- clipsrv
- browser
- dhcp
- dnscache
- replicator
- eventlog
- eventsystem
- policyagent
- oakley
- dmserver
- dns
- mcsvc
- fax
- msiserver
- ias
- messenger
- netlogon
- netman
- netdde
- netddedsm
- nmagent
- plugplay
- protectedstorage
- rasman
- rpclocator
- rpc
- rpcss
- remoteaccess
- rsvp
- samss
- scardsvr
- scesrv
- seclogon
- scm
- dcom
- cifs
- spooler
- snmp
- schedule
- tapisrv
- trksvr
- trkwks
- ups
- time
- wins
- www
- http
- w3svc
- iisadmin
- msdtc