DNS Zone Active Directory Service Principal settings - Adaptive Applications - BlueCat Gateway - 23.2.3

BlueCat Distributed DDNS Administration Guide


When configuring DNS Zones, the Active Directory Service Principal section contains settings for Active Directory.

  1. Click Support signed updates from Windows (GSS-TSIG) to enable GSS-TSIG updates from Active Directory.

  2. In KDC Server, enter the key distribution center (KDC) server address.

    The Key Distribution Center server verifies the Service Principal Name and Password before changes are saved or when users click the Test button.

  3. In the Service Principal Name field, enter the Service Principal Name that is mapped to the Active Directory account of the Distributed DDNS service for this domain.

    The domain account for the DDNS service must be created on the Active Directory server before entering the information for this step. For more information, refer to Reference: Active Directory service configuration.

    Note: The full account name must be the same value as the DDNS Service Name in the BAM Configuration section. Doing so ensures that there is a host record for that name that points to the IP address of the DDNS service.

  4. In the Password field, enter the password of the Active Directory user account to which the Service Principal Name maps.

  5. In the Key Version Number field, enter the key version number (kvno) attribute of the Active Directory user account to which the Service Principal Name maps.

    Tip: To verify the kvno of the Active Directory user account, use the following PowerShell command on the Active Directory server:

    Get-ADUser <username> -Properties msDS-KeyVersionNumber

  6. Click Test to verify the Service Principal Name and password against the KDC configuration in the /etc/krb5.conf file.
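
The following added example (not part of the BlueCat documentation) collects the values needed for steps 3 to 5 in one pass on the Active Directory server: it confirms that the Service Principal Name maps to exactly one user account and returns that account's key version number. The function name Get-DdnsPrincipalInfo and the SPN value DNS/ddns.example.com are constructed placeholders, and the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example: pre-flight check before filling in the Service Principal settings.
# Assumes the ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

function Get-DdnsPrincipalInfo {
    param(
        [Parameter(Mandatory)] [string] $ServicePrincipalName
    )

    # Escape LDAP filter metacharacters so the SPN is matched literally.
    $escaped = $ServicePrincipalName -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'

    # Search every object class: the same SPN registered on a second
    # account (user or computer) causes Kerberos ticket requests to fail.
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$escaped)")

    if ($owners.Count -eq 0) {
        throw "No account holds SPN '$ServicePrincipalName'."
    }
    if ($owners.Count -gt 1) {
        $list = $owners.DistinguishedName -join '; '
        throw "SPN '$ServicePrincipalName' is registered on more than one account: $list"
    }
    if ($owners[0].ObjectClass -ne 'user') {
        throw "SPN '$ServicePrincipalName' maps to a $($owners[0].ObjectClass) object, not a user account."
    }

    # Same attribute as the Tip above, plus fields that explain a kvno change.
    $user = Get-ADUser -Identity $owners[0].ObjectGUID `
        -Properties 'msDS-KeyVersionNumber', 'PasswordLastSet', 'Enabled'

    [pscustomobject]@{
        ServicePrincipalName = $ServicePrincipalName
        SamAccountName       = $user.SamAccountName
        Enabled              = $user.Enabled
        KeyVersionNumber     = $user.'msDS-KeyVersionNumber'
        PasswordLastSet      = $user.PasswordLastSet
    }
}

# Constructed placeholder SPN; replace with the value entered in step 3.
Get-DdnsPrincipalInfo -ServicePrincipalName 'DNS/ddns.example.com'
```

The key version number increments each time the account password is changed, so rerun the check and update the Key Version Number field after any password reset.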