Configure the Service Principal Name for the SCEP Server
Configure the Service Principal Name for the SCEP Server
On a server that has the setspn command available (typically it is available on domain controllers, as it installs as part of the Active Directory Domain Services role), open a command prompt using the "Run as administrator" option and run the following command (where scepserver.keyexample.com is the fully qualified domain name of your SCEP server or the DNS alias you are using to reference your SCEP server, if applicable, and KEYEXAMPLE\svc_scep is the domain name and service account name of the service account under which the SCEP application pool is running):
setspn –s HTTP/scepserver.keyexample.com KEYEXAMPLE\svc_scep
Important: If you are running the Keyfactor SCEP server on the Keyfactor Command server, wish to configure Kerberos authentication for both, and have chosen to run the two application pools with different service accounts, you will need to use a DNS alias to reference one or the other of these applications (or both) so that you can set the SPNs separately for the different service accounts. Setting the same SPN (e.g. HTTP/keyfactorserver.keyexample.com) on two different service accounts (e.g. KEYEXAMPLE\svc_keyfactorpool and KEYEXAMPLE\svc_scep) is not supported.
