SPN records check (Service Principal Name) – Exchange 2010 / Exchange 2013

There is a lots of articles about enabling Kerberos authentication for Exchange 2010 CAS servers, but not much about what SPN (Service Principal Names) list. It is kind of easy to determine list of SPNs for particular servers. SPN records are similar in Exchange 2010 and Exchange 2013. Here is the procedure

  • Open command line or Powershell under elevated permissions
  • Type the following command
setspn -Q */*EX10* >> d:spn_records.txt 

Explanation

  • setspn.exe – name of utility, which can set SPN records or list their status
  • -Q -switch to query mode (listing existing SPN records)
  • */ wildcard of SPN name
  • /*EX10* -names of the servers with wildcards
  • >> d:spn_records.txt – direct output to file with append feature

Results

Result for Exchange CAS/HUB

CN=SRVEX10CH1,OU=Exchange,OU=Servers,DC=subdomain,DC=domain,DC=local
 POP3/SRVEX10CH1.subdomain.domain.local
 POP3/SRVEX10CH1
 POP/SRVEX10CH1.subdomain.domain.local
 POP/SRVEX10CH1
 IMAP4/SRVEX10CH1.subdomain.domain.local
 IMAP4/SRVEX10CH1
 IMAP/SRVEX10CH1.subdomain.domain.local
 IMAP/SRVEX10CH1
 SMTP/SRVEX10CH1
 SMTP/SRVEX10CH1.subdomain.domain.local
 SmtpSvc/SRVEX10CH1
 SmtpSvc/SRVEX10CH1.subdomain.domain.local
 exchangeRFR/SRVEX10CH1
 exchangeRFR/SRVEX10CH1.subdomain.domain.local
 exchangeAB/SRVEX10CH1
 exchangeAB/SRVEX10CH1.subdomain.domain.local
 ExchangeMDB/SRVEX10CH1
 ExchangeMDB/SRVEX10CH1.subdomain.domain.local
 WSMAN/SRVEX10CH1
 WSMAN/SRVEX10CH1.subdomain.domain.local
 TERMSRV/SRVEX10CH1.subdomain.domain.local
 TERMSRV/SRVEX10CH1
 RestrictedKrbHost/SRVEX10CH1
 HOST/SRVEX10CH1
 RestrictedKrbHost/SRVEX10CH1.subdomain.domain.local
 HOST/SRVEX10CH1.subdomain.domain.local

Result for Exchange UM server

CN=SRVEX10UM1,OU=Exchange,OU=Servers,DC=subdomain,DC=domain,DC=local
 SmtpSvc/SRVEX10UM1.subdomain.domain.local
 SmtpSvc/SRVEX10UM1
 WSMAN/SRVEX10UM1
 WSMAN/SRVEX10UM1.subdomain.domain.local
 TERMSRV/SRVEX10UM1
 TERMSRV/SRVEX10UM1.subdomain.domain.local
 RestrictedKrbHost/SRVEX10UM1
 HOST/SRVEX10UM1
 RestrictedKrbHost/SRVEX10UM1.subdomain.domain.local
 HOST/SRVEX10UM1.subdomain.domain.local

Result for Exchange PF/Mailbox server

CN=SRVEX10PF1,OU=Exchange,OU=Servers,DC=subdomain,DC=domain,DC=local
 MSSRVrverClusterMgmtAPI/SRVEX10PF1
 MSSRVrverClusterMgmtAPI/SRVEX10PF1.subdomain.domain.local
 SMTP/SRVEX10PF1
 SMTP/SRVEX10PF1.subdomain.domain.local
 SMTPSVC/SRVEX10PF1
 SMTPSVC/SRVEX10PF1.subdomain.domain.local
 exchangeMDB/SRVEX10PF1.subdomain.domain.local
 exchangeMDB/SRVEX10PF1
 WSMAN/SRVEX10PF1
 WSMAN/SRVEX10PF1.subdomain.domain.local
 TERMSRV/SRVEX10PF1.subdomain.domain.local
 TERMSRV/SRVEX10PF1
 RestrictedKrbHost/SRVEX10PF1
 HOST/SRVEX10PF1
 RestrictedKrbHost/SRVEX10PF1.subdomain.domain.local
 HOST/SRVEX10PF1.subdomain.domain.local

Result for DAG

CN=EX10DAG,OU=Exchange,OU=Servers,DC=subdomain,DC=domain,DC=local
 MSServerCluster/EX10DAG.subdomain.domain.local
 MSServerCluster/EX10DAG
 MSServerClusterMgmtAPI/EX10DAG.subdomain.domain.local
 MSServerClusterMgmtAPI/EX10DAG
 MSClusterVirtualServer/EX10DAG.subdomain.domain.local
 MSClusterVirtualServer/EX10DAG
 HOST/EX10DAG.subdomain.domain.local
 HOST/EX10DAG