Prerequisites for creating and using an SPN in SSO 5.5 :

To be able to create and use an SPN in SSO 5.5, ensure that:

• There are two domain accounts:
  
  
  • A domain Account with domain administrator privileges is required when assigning a SPN to an account.
  • A domain Account with domain user privileges is a minimum requirement for the account to be used as the SPN account.
    
    
• You have access to vCenter Server running on a Windows platform or a Windows system connected to the same domain as vCenter Server Appliance.
• An SPN does not already exist on the account to be used.
  
  To verify that an SPN does not already exist on the account to be used:

1. Log in to vCenter Server using a domain administrator account.
   
   Note: If using the vCenter Server Appliance 5.1 (VCSA), these actions can be performed on a Windows workstation joined to the same domain as the VCSA.
   
   
2. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
3. Type echo %UserDNSDomain%and press Enter. This echoes the DNS domain name in which the current Windows system resides.
   
   For example:
   
   C:\>echo %UserDNSDomain%
   
   You see output similar to:
   
   child-domain.vmware.com
   
   
4. Type setspn -Q sts/DNS_domain_name and press Enter. This verifies that no other SPNs have been created on this domain.
   
   For example:
   
   C:\>setspn -Q STS/child-domain.vmware.com
   
   You see output similar to:
   
   No such SPN Found.
   
   Note: If a SPN is found, consult your Active Directory administrator.

Creating an SPN for use with SSO 5.5