15.6
Table Of Contents
- Dragon_NMCInstallGuideCover_20160929_v4_Cloud
- About this guide
- Chapter 1: Introduction
- Chapter 2: Preparing for your installation
- Chapter 3: Post-installation tasks
- Chapter 4: Preparing for your Active Directory single sign-on configuration
- Chapter 5: Installing the Local Authenticator
- Chapter 6: Preparing for your Central Authentication single sign-on configuration
- Central authentication overview
- Supported identity providers
- Supported federation relationship types
- Checklist—Planning your Central Authentication single sign-on setup
- Obtaining required information
- Configuring Central Authentication
- Installing the Active Directory/LDAP connector
- Viewing Central Authentication audit events
Nuance Management Center Server Installation and Configuration Guide
Running the SetSPN.exe Windows utility
About SetSPN.exe
SetSPN.exe is a Windows utility that registers the NMS Platform Service Principal Name (SPN) with the
Windows domain. You run this utility to indicate to the Windows domain that the NMS Platform service is
valid and trusted on the domain.
During single sign-on, Dragon clients pass the credentials of authenticated Windows users securely to the
NMS Platform service. The credentials are then validated on the NMC server. Dragon clients cannot connect
to Nuance Management Center until you register the SPN (nms_spn) for the Nuance Management Center
service.
You run the utility only when you're using Kerberos authentication instead of NTLM. You run the SetSPN.exe
utility only once at any time before, during, or after your Nuance Management Center installation, regardless
of whether you're using the Nuance cloud-hosted NMC server or your own on-premise NMC server.
Downloading SetSPN.exe
SetSPN.exe is included with Microsoft's Windows Support Tools. If this package is not already installed on a
computer in your domain, you can download it from Microsoft's web site:
https://social.technet.microsoft.com/wiki/contents/articles/2170.windows-server-2008-and-windows-server-
2008-r2-support-tools-dsforum2wiki.aspx
Executing SetSPN.exe
You run the utility on any computer that is a member of the Windows domain you're using for your single sign-
on users. You do not need to run the utility on the NMC server. You must be a domain administrator to run this
utility.
To run the utility, specify the following from the command line:
SETSPN -S http/nms_spn <domain\service account>
where <service account> is the Windows user account that runs the NMS Platform service.
Note: There cannot be any other applications that require SPN registration on the Windows domain. If
there are other registered applications on the domain and you attempt to register the NMS Platform
service, a "Duplicate SPN found" error occurs.
18