SPNs

Active Directory Service Principal Names (SPNs) Descriptions

Excellent article describing how Service Principal Names (SPNs) are used by Kerberos and Active Directory:
Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)

This page is a comprehensive reference (as comprehensive as possible) for Active Directory Service Principal Names (SPNs). As I discover more SPNs, they will be added.

• AcronisAgent: Acronis backup/data recovery software
• AdtServer: Microsoft System Center Operations Manager (2007/2012) Management Server with ACS
• afpserver: Apple Filing Protocol
• AgpmServer: Microsoft Advanced Group Policy Management (AGPM)
• aradminsvc – Quest Active Roles Server
• arssvc – Quest Active Roles Server
• bocms: Business Objects
• BOSSO: Business Objects
• CESREMOTE: seems to be related to a Citrix VDI solution on VMWare. Many VDI workstations have this SPN.
• cifs: Common Internet File System
• CmRcService: Microsoft System Center Configuration Manager (SCCM) Remote Control
• CUSESSIONKEYSVR: Cisco Unity VOIP System
• cvs: CVS Repository
• Dfsr*: Distributed File System Replication
• DNS: Domain Name Server
• E3514235-4B06-11D1-AB04-00C04FC2DCD2: NTDS DC RPC Replication
• E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM: ADAM Instance
• EDVR: ExacqVision
• exchangeAB: Exchange Address Book service (typically a Domain Controller supporting NSPI, which is usually all GCs)
• exchangeMDB: RPC client access – Client Access Server role
• exchangeRFR: Exchange Address Book service
• fcsvr: Apple Final Cut Server
• FileRepService: WSFileRepService.exe ?
• FIMService: Microsoft Forefront Identity Manager (FIM)
• ftp: File Transfer Protocol
• GC: Domain Controller Global Catalog services
• HDFS: Hadoop (Ambari?)
• HOST: The HOST service represents the host computer. The HOST SPN is used to access the host computer account whose long term key is used by the Kerberos protocol when it creates a service ticket.
• http: SPN for http web services that support Kerberos authentication
• Hyper-V Replica Service: Microsoft Hyper-V’s Replica Service
• IMAP: Internet Message Access Protocol
• IMAP4: Internet Message Access Protocol version 4
• ipp: Internet Printing Protocol
• iSCSITarget: iSCSI Configuration
• kadmin: Kerberos
• ldap: LDAP service such as on a Domain Controller or ADAM instance.
• magfs: Maginatics MagFS
• mapred: Cloudera Map reduce
• Microsoft Virtual Console Service: HyperV Host
• Microsoft Virtual System Migration Service: P2V Support (Hyper-V)
• mongod: MongoDB Enterprise
• mongos: MongoDB Enterprise
• MSClusterVirtualServer: Windows Cluster Server
• MSOLAPSvc: SQL Server Analysis Services
• MSOLAPSvc.3: SQL Server Analysis Services
• MSOLAPDisco.3: SQL Server Analysis Services
• MSOMHSvc: Microsoft System Center Operations Manager (2007/2012) Management Server
• MSOMSdkSvc: Microsoft System Center Operations Manager (2007/2012) Management Server
• MSServerCluster: Windows Cluster Server
• MSServerClusterMgmtAPI:This SPN is needed for cluster APIs to authenticate to the server by using Kerberos
• MSSQL: Microsoft SQL Server
• MSSQLSvc: Microsoft SQL Server
• MSSQL$ADOBECONNECT: Microsoft SQL Server supporting Adobe Connect
• MSSQL$BIZTALK: Microsoft SQL Server supporting Microsoft Biztalk Server
• MSSQL$BUSINESSOBJECTS: Microsoft SQL Server supporting Business Objects
• MSSQL$DB01NETIQ: Microsoft SQL Server supporting NetIQ
• nfs: Network File System
• NPPolicyEvaluator: Dell Quest Change Auditor?
• NPRepository4(CHANGEAUDITOR): Dell Quest Change Auditor
• NPRepository4(CAAD): Dell Quest Change Auditor
• NPRepository4(DEFAULT): Dell Quest Change Auditor
• NtFrs*: NT File Replication Service
• oracle: Oracle Kerberos auth
• pcast:  Apple Podcast Producer
• PCNSCLNT: Automated Password Synchronization Solution (MIIS 2003 & FIM)
• POP: Post Office Protocol
• POP3: Post Office Protocol version 3
• PVSSoap: Citrix Provisioning Services (7.1)
• RestrictedKrbHost: The class of services that use SPNs with the serviceclass string equal to “RestrictedKrbHost”, whose service tickets use the computer account’s key and share a session key.
• RPC: Remote Procedure Call
• SAP: SAP/SAPService<SID>
• SAS: SAS server
• SCVMM: System Center Virtual Machine Manager
• secshd: IBM InfoSphere
• sip: Session Initiation Protocol
• SMTP: Simple Mail Transfer Protocol
• SMTPSVC: Simple Mail Transfer Protocol
• SoftGrid:  Microsoft Application Virtualization (App-V)  formerly “SoftGrid”
• SPSvc:
• STS: VMWare SSO service
• SQLAgent$DB01NETIQ: SQL service for NetIQ
• tapinego: Associated with routing applications such as Microsoft firewalls (ISA, TMG, etc)
• TERMSRV: Microsoft Remote Desktop Protocol Services, aka Terminal Services.
• tnetd: Juniper Kerberos auth?
  “Tnetd is a daemon used for internal communication between different components like Routing Engine and Packet Forwarding Engines”
• vmrc: Microsoft Virtual Server 2005
• vnc: VNC Server
• vpn: Virtual Private Network
• VProRecovery Backup Exec System Recovery Agent 7.0
  VProRecovery Backup Exec System Recovery Agent 8.0
  VProRecovery Backup Exec System Recovery Agent 9.0
• VProRecovery Norton Ghost Agent 12.0
  VProRecovery Norton Ghost Agent 14.0
  VProRecovery Norton Ghost Agent 15.0
• VProRecovery Symantec System Recovery Agent 10.0
  VProRecovery Symantec System Recovery Agent 11.0
  VProRecovery Symantec System Recovery Agent 14.0
• vssrvc: Microsoft Virtual Server (2005)
• WSMAN: Windows Remote Management (based on WS-Management standard) service
• xmpp/XMPP: Extensible Messaging and Presence Protocol (Jabber)
• xgrid: Apple’s distributed (grid) computing / Mac OS X 10.6 Server Admin
• YARN: Cloudera MapReduce

NOTE:

Domain Controllers automatically map common SPNs to the “HOST” SPN.

The HOST SPN is automatically added to the ServicePrincipalName attribute for all computer accounts when the computer is joined to the domain.

The Domain Controller SPN mapping is controlled by the attribute “SPNMappings” in the following location:
“CN=Directory Service,CN=WindowsNT,CN=Services,CN=Configuration

The following SPNs are automatically mapped to HOST (SPNMapping property value):

• alerter
• appmgmt
• cisvc
• clipsrv
• browser
• dhcp
• dnscache
• replicator
• eventlog
• eventsystem
• policyagent
• oakley
• dmserver
• dns
• mcsvc
• fax
• msiserver
• ias
• messenger
• netlogon
• netman
• netdde
• netddedsm
• nmagent
• plugplay
• protectedstorage
• rasman
• rpclocator
• rpc
• rpcss
• remoteaccess
• rsvp
• samss
• scardsvr
• scesrv
• seclogon
• scm
• dcom
• cifs
• spooler
• snmp
• schedule
• tapisrv
• trksvr
• trkwks
• ups
• time
• wins
• www
• http
• w3svc
• iisadmin
• msdtc

Here’s the PowerShell code to pull the value of the Directory Service property SPNMapping :

Import-Module ActiveDirectory

$ADDomainDistinguishedName = (Get-ADDomain).DistinguishedName

(Get-ADObject -Identity `
“CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,$ADDomainDistinguishedName” `
-Partition “CN=Configuration,$ADDomainDistinguishedName” -Properties sPNMappings).sPNMappings

The results:

host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,
oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,
plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,
seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,
iisadmin,msdtc