SPN records check (Service Principal Name) – Exchange 2010 / Exchange 2013

There is a lots of articles about enabling Kerberos authentication for Exchange 2010 CAS servers, but not much about what SPN (Service Principal Names) list. It is kind of easy to determine list of SPNs for particular servers. SPN records are similar in Exchange 2010 and Exchange 2013. Here is the procedure

  • Open command line or Powershell under elevated permissions
  • Type the following command
setspn -Q */*EX10* >> d:spn_records.txt 


  • setspn.exe – name of utility, which can set SPN records or list their status
  • -Q -switch to query mode (listing existing SPN records)
  • */ wildcard of SPN name
  • /*EX10* -names of the servers with wildcards
  • >> d:spn_records.txt – direct output to file with append feature


Result for Exchange CAS/HUB


Result for Exchange UM server


Result for Exchange PF/Mailbox server


Result for DAG


4 thoughts on “SPN records check (Service Principal Name) – Exchange 2010 / Exchange 2013

  1. Pingback: How To Fix A Service Principal Name Spn Because Errors - Windows Vista, Windows 7 & 8

  2. I believe the:

    services should only be present if the Server is also a Global Catalog (GC, which also requires it to be a Domain Controller, or DC). Those entries should only be present on a Global Catalog, and if the server is ever demoted (which isn’t supported – to demote a DC / Exchange combo) than the entries need to be removed.

    • Hello,

      I don’t think so. ExchangeAB entries are present on Exchange server, because it si connected to Address Book, not DC. The fact that server is Combo with DC doesn’t really metter. If you remove Exchange server from DC correctly, it should remove SPNs related to Exchange as well.

  3. Pingback: Spf Record Check Exchange 2010 | HOME

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s