• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 444
  • Last Modified:

Can 2 webservers have the same service principal name?

Ok, I set up active directory delegation on my intranet site, and enabled windows authentication.
Users go to the ASP page, and their identity/credentials are passed through to the SQL server.

(logging into the sql server with the users credentials is the critical part here, we have assigned sql level permissions on certain tables)

When users go to the machines website http://cWebNexus2/integratedlogon.asp, everything works like a dream.
(cWebNexus2 is the name of the machine on our active directory network)

But when I go to the outside site name: http://nexus.dealix.com/integratedlogon.asp, it didn’t work at first.
So, I used “setspn -a HOST/nexus.dealix.com” on the CwebNexus2 Webserver to register the nexus.dealix.com name, so delegation will work… and now it does!

My question is, can I do the same thing for the webserver Cwebnexus1 when I bring that machine online next week?

See, nexus.dealix.com is an address that is going to be load balanced between the machines, CWebNexus1 and CWebNexus2, will I be able to use "setspn -a HOST/nexus.dealix.com" to register the domain for both servers?
  • 2
1 Solution
If you are using IIS 6.0 you can load balance servers and use Kerberos authentication, but it does take some steps to set up correctly:


If you are using IIS 5.0 this is not possible:


Any more questions?  ;-)

Dave Dietz
dealixAuthor Commented:
Well, we got windows 2003 on all the servers.. but we are using a F5 Big IP, not the Microsoft load balancing.....
If there is no way to do delegation for nexus.dealix.com without microsoft load balancing, I could push for that... but, is there any way to make this thing work with the F5 Big IP?

Same instructions.....

NLB is a generalized term in the article and does not specifically apply to WLBS (Windows Load Balancing Services).  The steps should work fine for any load balancing technology I am aware of.

Dave Dietz
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now