MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

ADFS: Don’t Use Same Server Name as Service FQDN

Active Directory Federation Service is one of the best innovation Microsoft did which allows to connect 2 forests without any Active Directory Trust.

 

In the Hybrid series blog 2, I had explained how to configure ADFS here.

While planning for the ADFS server, we need to plan for a different server name vs ADFS URL. Let us see the reason why it is important.

So recently I was creating ADFS for one of my customer where customer decided to stay simple and easy. So they selected adfs.domain.com as their ADFS external url. Now their Active Directory forest is also same domain.com and they named server ADFS.

Normally we get different Active Directory domain than external url. But it was not the same here so while ending the ADFS wizard to finish creating the ADFS configuration, we got the following SPN conflict error.

 

ADFS SPN Error

An error occurred during an attempt to set the SPN for the specified service account. Set the SPN for the service account manually. For more information about setting the SPN of the service account manually, see the AD FS Deployment Guide. Error message: The SPN required for this Federation Service is already set on another Active Directory account. Choose a different Federation Service name and try again.

 

Resolution:

  • Uninstalled ADFS
  • Restarted the server
  • Changed the server name
  • Restarted the server
  • Re-run the ADFS wizard.

This time ADFS wizard completed without any issue.

 

 

Prabhat Nigam

Microsoft MVP | CTO @ Golden Five

Team@MSExchangeGuru

Don’t forget to register.


One Response to “ADFS: Don’t Use Same Server Name as Service FQDN”

  1. Monthly Newsletter – September 2016 – Guy UC World Says:

    […] · ADFS: Don’t Use Same Server Name as Service FQDN […]

Leave a Reply

ad

Categories

Archives