Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2018)

TABLE OF CONTENTS

Register SPNs for the PI AF Application Service

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 02, 2024
  • 2 minute read

Before creating SPNs, you must verify that SPNs do not already exist for the PI AF Application Service. See View existing SPNs for the PI AF Application Service.

When using Kerberos authentication, you can ensure better communication between clients and the PI AF Application Service by registering two SPNs. The type of SPN you register depends on the account under which the service is running. If the service runs under the Virtual Service account or NetworkService account, you must register two SPNs for the machine on which the PI AF Application Service is running, one for the host name and one for the host's FQDN. If the service is running under a domain account, you must register two SPNs for that domain account, again using the host name and the host's FQDN.

Note: You must run the setspn command from a command prompt.

  • To register two SPNs for a PI AF Application Service running under the NetworkService account, enter these two commands in sequence:

    setspn -s AFServer/machine_FQDN machine_name
    setspn –s AFServer/[machine_name] [machine_name]

    where:

    • machine_FQDN is the fully qualified domain name of the machine on which the PI AF Application Service runs

    • machine_name is the machine on which the PI AF Application Service runs

      The -s option of setspn checks for duplicate SPNs before creating new SPNs.

  • To register two SPNs for a PI AF Application Service running under a domain account, enter these two commands in sequence:

    setspn -s AFServer/machine_FQDN domain\account_name
    setspn -s AFServer/machine_name domain\account_name

    where:

    • machine_FQDN is the fully qualified domain name of the machine on which the PI AF Application Service runs

    • machine_name is the machine on which the PI AF Application Service runs

    • domain\account_name is the domain account under which the PI AF Application Service runs

For information on working with SPNs for SQL Server, see the Microsoft TechNet article Register a Service Principal Name for Kerberos Connections

TitleResults for “How to create a CRG?”Also Available in