Which SPNs to Set for CRM: A Comprehensive Guide

Greetings, fellow marketers and business owners! In today’s digital age, customer relationship management (CRM) is more important than ever. It allows us to understand our customers’ habits, preferences, and needs, and ultimately provide them with better service. However, to make the most out of your CRM software, you must set the right Service Principal Names (SPNs) with precision. But which SPNs should you set? That’s what we’ll be exploring in this article.

Understanding SPNs and Their Importance in CRM

To put it simply, SPNs are unique identifiers that allow your application to authenticate with a service on behalf of a user. In the context of CRM, SPNs play a crucial role in delegating authorization to users, groups, and computers. They enable you to determine which users can access which data and functionalities within your CRM system. In essence, SPNs help you maintain data security, privacy, and compliance.

However, they can also be quite complex and confusing to set up, especially if you are not familiar with Active Directory and Kerberos authentication. That’s why we’ve created this guide to help you navigate the world of SPNs and CRM with ease. Let’s dive in!

The Benefits of Setting the Right SPNs for your CRM

Before we get into the nitty-gritty of SPNs, let’s take a moment to appreciate the benefits of getting them right:

👍 Improved data security: Setting the right SPNs ensures that only authorized users can access your CRM data and functionalities. This reduces the risk of data breaches, cyber-attacks, and insider threats.

👍 Enhanced user experience: With the right SPNs, you can grant specific users or groups access to personalized CRM features and information. This makes it easier for them to navigate your system and get the insights they need.

👍 Increased productivity: By delegating authorization through SPNs, you can streamline your CRM workflows and reduce the time and effort required to manage user access. This allows you to focus on more important tasks and goals.

Which SPNs Should You Set for Your CRM?


The HTTP SPN allows your CRM server to authenticate HTTP traffic with a Kerberos ticket. This is essential if you’re using Internet Information Services (IIS) as your web server and want to enable Kerberos authentication. Without this SPN, your users will have to rely on basic authentication, which is less secure and less efficient than Kerberos.


The HOST SPN identifies the host server that is running your CRM application. It is necessary for authenticating computer accounts that access your CRM data, such as Active Directory Domain Services (AD DS) and SQL Server.


The MSSQLSvc SPN is used to authenticate SQL Server database connections. It allows users to access the CRM database without having to provide their credentials every time. This SPN is crucial for ensuring the smooth and secure operation of your CRM system.


The LDAP SPN is required if you’re using Active Directory Lightweight Directory Services (AD LDS) as your authentication provider. It allows your CRM application to connect to the AD LDS instance and authenticate users and groups.


The SMTP SPN is necessary if you’re using Simple Mail Transfer Protocol (SMTP) to send email from your CRM application. It enables the SMTP server to authenticate with a Kerberos ticket and ensures that email messages are sent securely and efficiently.


The DNS SPN identifies the DNS server that resolves hostnames on your CRM network. It is required for authenticating computer accounts that access your CRM data, such as DNS dynamic updates.


The CIFS SPN is used for authenticating file server connections. If your CRM application needs to access files or folders on a remote server, you’ll need to set a CIFS SPN to enable Kerberos authentication.

A Complete Table of SPNs for CRM

SPN Type Description
HTTP SPN Authenticate HTTP traffic
HOST SPN Identify host server
MSSQLSvc SPN Authenticate SQL Server connections
LDAP SPN Authenticate AD LDS connections
SMTP SPN Authenticate SMTP connections
DNS SPN Identify DNS server
CIFS SPN Authenticate file server connections

Frequently Asked Questions (FAQs)

1. Do I need to set all the SPNs listed in the table?

No, you only need to set the SPNs that are relevant to your CRM system and network architecture. However, we recommend setting as many SPNs as possible to ensure maximum security and efficiency.

2. How do I set SPNs for my CRM system?

You can set SPNs using the SetSPN.exe tool that comes with Windows Server. Alternatively, you can use PowerShell or a third-party tool like ADSI Edit. Make sure you have administrative access to your AD environment before setting SPNs.

3. What happens if I set the wrong SPNs or miss some of them?

You may encounter authentication errors, user access issues, and other security and performance problems. It’s essential to test your SPN configuration thoroughly and ensure that all the relevant users and groups can access your CRM data and features.

4. Can I change or update my SPN configuration later?

Yes, you can modify your SPNs at any time using the same tools and procedures as for setting them up. However, you should be careful when making changes to ensure that you don’t disrupt your CRM workflows or introduce security vulnerabilities.

5. Can I use a third-party authentication provider with my CRM system?

Yes, most CRM systems support various authentication providers, such as OAuth, OpenID Connect, and SAML. However, you’ll need to set up the corresponding SPNs and configuration options to ensure that your authentication works correctly.

6. How do I monitor and troubleshoot SPN-related issues in my CRM system?

You can use tools like Event Viewer, Network Monitor, and Kerberos Configuration Manager to diagnose SPN-related issues. You should also keep an eye on your system logs and user feedback to identify any performance or security problems.

7. How often should I review my SPN configuration?

You should review your SPN configuration regularly, especially if you make significant changes to your CRM system or network infrastructure. It’s also a good practice to perform periodic security audits and penetration testing to ensure that your SPNs are working correctly and not exposing your data to risks.


Congratulations! You’ve reached the end of our guide on which SPNs to set for CRM. We hope you’ve gained valuable insights and knowledge that will help you improve your CRM security, efficiency, and user experience. Remember, setting the right SPNs is not a one-time task but an ongoing process that requires careful planning, testing, and maintenance. By following our best practices and tips, you can ensure that your SPNs are working correctly and enabling your CRM system to thrive.

Now it’s your turn to take action! Review your SPN configuration, identify any gaps or issues, and implement the necessary changes. Don’t forget to monitor and evaluate the results and seek professional help if you need it. With the right SPNs, you can unleash the full potential of your CRM system and achieve your business goals.

Closing Disclaimer

The information and advice provided in this article are for educational and informational purposes only. We do not guarantee the accuracy, completeness, or reliability of the content, nor do we endorse any specific product or service mentioned herein. It is your responsibility to evaluate and apply the recommendations in this article in a manner that suits your particular circumstances and needs. We shall not be liable for any loss or damage arising from your use of or reliance on the information and advice in this article.