Exam 70-411 topic 1 question 35 discussion

Actual exam question from Microsoft's 70-411
Question #: 35
Topic #: 1

DRAG DROP -
You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Web Server (IIS) server role installed.
Server1 will host a web site at URL https://secure.contoso.com. The application pool identity account of the web site will be set to a domain user account named AppPool1.
You need to identify the setspn.exe command that you must run to configure the appropriate Service Principal Name (SPN) for the web site.
What should you run?
To answer, drag the appropriate objects to the correct location. Each object may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Suggested Answer:
Note:
Adds the specified SPN for the computer, after verifying that no duplicates exist.

Usage: setspn -s SPN accountname
For example, to register SPN "http/daserver" for computer "daserver1": setspn -S http/daserver daserver1
http://technet.microsoft.com/en-us/library/cc731241(v=ws.10).aspx
Attn: with Windows 2008 the option is -a, but with Windows 2012 it started to show -s.

Definition of an SPN -
An SPN is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each service instance must have its own SPN. A particular service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running. Therefore, a service instance might register an SPN for each name or alias of its host.

Adding SPNs -
To add an SPN, use the setspn -s service/name hostname command at a command prompt, where service/name is the SPN that you want to add and hostname is the actual host name of the computer object that you want to update. For example, if there is an Active Directory domain controller with the host name server1.contoso.com that requires an SPN for the Lightweight Directory Access Protocol (LDAP), type setspn -s ldap/server1.contoso.com server1, and then press ENTER to add the SPN.

The HTTP service class -
The HTTP service class differs from the HTTP protocol. Both the HTTP protocol and the HTTPS protocol use the HTTP service class. The service class is the string that identifies the general class of service.
For example, the command may resemble the following command:
setspn -S HTTP/iis6server1.mydomain.com mydomain\appPool1
References:
http://support.microsoft.com/kb/929650/en-us
http://technet.microsoft.com/en-us/library/cc731241%28v=ws.10%29.aspx
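
Added example (not part of the original question or the Microsoft references): a Python sketch of the two points in the note above, that http and https URLs both map to the HTTP service class, and that the SPN must not already belong to another account, which is the duplicate check setspn -S performs before adding. The function names and the sample registrations are assumptions constructed for illustration; SPN matching is treated as case-insensitive here.

```python
from urllib.parse import urlsplit

# Constructed sample of existing registrations (account -> SPNs); not real data.
SAMPLE_REGISTRATIONS = {
    r"mydomain\iis6server1$": ["HOST/iis6server1.mydomain.com"],
    r"mydomain\oldPool": ["HTTP/IIS6Server1.mydomain.com"],
}


def http_spn(url):
    """Map a web site URL to its SPN.

    Both the http and https schemes use the HTTP service class;
    the scheme never appears in the SPN.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError(f"not a web URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host name in URL: {url!r}")
    return f"HTTP/{parts.hostname}"


def find_owners(spn, registrations):
    """Return the accounts that already hold this SPN (case-insensitive)."""
    wanted = spn.lower()
    return sorted(
        account
        for account, spns in registrations.items()
        if any(s.lower() == wanted for s in spns)
    )


def plan_setspn(url, account, registrations):
    """Return the setspn command to run, or None if nothing needs adding.

    Raises RuntimeError when another account already holds the SPN.
    """
    spn = http_spn(url)
    owners = find_owners(spn, registrations)
    others = [o for o in owners if o.lower() != account.lower()]
    if others:
        raise RuntimeError(f"{spn} is already registered to {', '.join(others)}")
    if owners:
        return None  # this account already holds the SPN
    return f"setspn -S {spn} {account}"


if __name__ == "__main__":
    # With no existing registrations, this prints the command form shown above.
    print(plan_setspn("https://iis6server1.mydomain.com", r"mydomain\appPool1", {}))
```
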

Comments

NerdAlert
4 years, 7 months ago
"If anyone is wondering why HTTP and not HTTPS, it is because in the syntax of SETSPN, HTTP refers to the service class, which cover both HTTP and HTTPS protocols." https://www.briefmenow.org/microsoft/you-need-to-identify-the-setspnexe-command-that-you-must-run-to-configure-the-appropriate-service-principal-name-spn-for-the-web-site-2
upvoted 1 times
dylpickles2001
4 years, 8 months ago
Because Server1 is hosting an HTTPS site instead of an HTTP one, it is supposed to be https/secure.contoso.com, not http/secure.contoso.com.
upvoted 1 times