Orchestrator
2020.10
false
Banner background image
OUT OF SUPPORT
Orchestrator User Guide
Last updated Dec 12, 2023

Changing the Windows Authentication Protocol

By default, in Orchestrator, the [NTLM authentication protocol][1] is used when logging in with your Active Directory credentials.

To switch to [Kerberos][2], you are required to switch the application pool to NetworkService and register the Service Principal Name (SPN) which exists in the Active Directory for the domain account used to run the service with which the client is authenticating.

To perform this change, perform the following steps:

  1. Open the Command Prompt.
  2. Change the directory to C:\Windows\System32, by using the cd C:\Windows\System32 command.
  3. Give the setspn.exe -a https://<machine> <domain account> command, where:
    • https://<machine> - represents the URL at which your Orchestrator instance is reachable, such as https://DocOrch.uipath.local;
    • <domain account> - represents the name or domain\name of the machine on which Orchestrator is installed, or the user account, such as docteam or uipath.local\docteam.

To check that Kerberos is used:

  1. Log in to Orchestrator using AD credentials.
  2. Open Event Viewer.
  3. Look for the Microsoft Windows security audit and select it. Details about the action are updated on the General tab.

  4. Under the Detailed Authentication Information section, the Logon Process should be Kerberos, as displayed in the following screenshot.



Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.