0

There is a SharePoint which I'm accessing a file using REST API through Kerberos authentication , the problem is that the SharePoint where it is located has two DNS entries for a single IP, whenever it resolves to domain name 1, the API is getting authenticated and I'm getting back response , but whenever the DNS is resolving to domain name 2 , the authentication fails with error : ' server not found in Kerberos database ' And this DNS resolution is random

What needs to be done to solve this problem ? Or how can I add this second DNS entry to Kerberos database ??

"The network administrators are not ready to remove 2nd DNS entry ! "

Sai Chand M
  • 13
  • 6
  • Steve has provided the solution and it will work. However, "this DNS resolution is random" -> did you mean that the DNS value can change dynamically? if that's the case, you need to update the SPN entry every time the DNS value changes. – Bhushan Karmarkar Sep 07 '20 at 05:26
  • DNS Resolution random here means that it's switching between name 1 and name 2 for random interval of time like for 4 hrs it resolves to name 1 and then next 3hrs it resolves to name 2 like that, – Sai Chand M Sep 07 '20 at 14:44
  • Then Steve's answer will solve your issue. Attach both DNS values as SPNs for the service account. – Bhushan Karmarkar Sep 08 '20 at 05:20

1 Answers1

0

You just need to add an SPN (servicePrincipalName) for the second domain name to the AD service account or computer object that runs SharePoint in the form of http/your.second.domain.com.

Steve
  • 4,463
  • 1
  • 19
  • 24