SETSPN and IIS Issues with SCCM

  • Specify a fully qualified domain name (FQDN) for this site system on the intranet.
    Enables or disables the Intranet FQDN text box, in which you specify an intranet FQDN for the site system.

    An FQDN is required for many scenarios in Configuration Manager including the following:

    • Automatic approval of trusted clients in mixed mode
    • Native mode if the site system PKI certificate uses an FQDN
    • Environments that have multiple domains and do not use a fully replicated WINS.

    Configuring an FQDN is also recommended if this site system will host the default management point that will publish to Domain Name System (DNS).

  • Intranet FQDN
    Enter a fully qualified domain name (FQDN) for the site system on the intranet. This can be the same FQDN as the server's network configuration, or it can be a CNAME (alias) configured on the intranet DNS.

    If you use a CNAME (DNS alias) rather than the computer name as your FQDN, you might need to register this as a Kerberos service principal name (SPN), so that IIS authentication succeeds. Use the Setspn utility that ships with Windows Server support tools to register the CNAME as an SPN in Active Directory Domain Services.
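
An added example, not part of the original documentation: PowerShell that checks Active Directory for an account already holding the alias SPN before registering it with Setspn, since an SPN held by a different account causes Kerberos authentication to fail. The alias `sccm.corp.example.com`, the server name `SCCMSRV01`, and IIS running under the computer account are assumptions; the `-S` switch requires the Setspn version in Windows Server 2008 or later.

```powershell
# Hypothetical values: replace with your own alias and server name.
$AliasFqdn = 'sccm.corp.example.com'  # CNAME entered as the Intranet FQDN
$Computer  = 'SCCMSRV01'              # site system; assumes IIS runs under the computer account

# Clients build the SPN from the name they connect with, so cover the FQDN and the short name.
$Spns = "HTTP/$AliasFqdn", "HTTP/$($AliasFqdn.Split('.')[0])"

foreach ($Spn in $Spns) {
    # Find every account in the current domain that already holds this SPN.
    $searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    $owners = @($searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] })

    if ($owners -contains "$Computer`$") {
        Write-Output "$Spn is already registered to $Computer"
    }
    elseif ($owners.Count -gt 0) {
        # An SPN held by another account must be cleaned up first, not duplicated.
        Write-Warning "$Spn is held by $($owners -join ', '); resolve before registering"
    }
    else {
        # -S adds the SPN only after Setspn's own duplicate check passes.
        & setspn.exe -S $Spn $Computer
    }
}

# List the SPNs now registered to the computer account to confirm the result.
& setspn.exe -L $Computer
```

Run it from an account with permission to write the `servicePrincipalName` attribute on the target computer object.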

 

---