Using a Domain Account |
Scroll |
The Thereforeā¢ XML Web Service can be run with a Local System account (this is the default setting during Setup). However, it can also be run with a domain account, but this must first be specified in the Thereforeā¢ Configuration Wizard.
In order to run the Thereforeā¢ XML Web Service with a domain account, the correct SPN (Service Principal Name) must be set for the account. For further details about SPNs see the following MSDN page: https://msdn.microsoft.com/en-us/library/ms677949%28v=vs.85%29.aspx
How do I configure XML Web Service to run with a domain account?
1.The first step is to make sure you have the permissions to modify SPNs. Refer to the Microsoft TechNet article here for instructions on delegating the authority to modify SPNs.
2.Next you need to set the correct SPN for the domain user account to allow the use of integrated security. Run the following command:
setspn -a HTTP/<FQDN of the PC> domain\username
where FQDN of the PC is the Fully Qualified Domain Name of the PC (e.g. demopc1.moyaware.com) and domain\username is the domain account you wish to use to run the XML Web Service (e.g. moyaware\administrator).
3.This will register the given SPN (e.g. HTTP/demopc1.moyaware.com) on the domain account entered in the previous step, and clients will be able to connect using the XML Web Service.
In case the HTTP/<FQDN> SPN is already being used for a different user account in the domain, the SPN cannot be set on another account unless it is deleted from the previous account. For example, to change the domain account used for the XML Web Service you must first delete the SPN from the old domain account and then add it to the new account. However, if another service is using the same HTTP/<FQDN> SPN, this service will be broken if you delete the SPN from the account used to run this service. |