Hi, Just going through the "Before you begin" section of FIM setup. We are planning to use a hardware load balancer, and this has been configured and the relevant 'A' record created in DNS. We next go to a DC and try to register the SPN for this new NLB name as follows: setspn –S FIMService/IDM.company.com domain\FIMSync setspn –S FIMService/IDM domain\FIMSync setspn –S HTTP/IDM.company.com domain\FIMWSS setspn –S HTTP/IDM domain\FIMWSS When we run the first setspn registration we get the error message: Unknown Parameter FIMService/IDM.company.com. Please check your usage. We also tried running it like this: setspn –A FIMService/IDM.company.com domain\FIMSync But the same error message appears. Any ideas? thank you

What version of Windows Server is running on the DC? The -S syntax was added to the latest version of SETSPN in either 2008 or 2008 R2 (can't quite remember). If you're running 2003 or 2003 R2 that won't work and you'll need to drop back to -A or run SETSPN on the FIM Box.

I see you said -A doesn't work either. Sorry. Couple of things: Try it from the 2008/R2 box you're installing FIM on. Also, did you intend to use FIMSync service account in your example? You should not be using the same accounts for FIM Service and FIM Synchronization Service. Also, your examples have a final dot/period on the end in one. Is this intentional? Try it without if true.

So, we retyped everything out again, failed again. Retyped everything for the upteenth time - and this time it worked. No real explanation as to why it failed the first few times. Thank you for your help Paul PS. well done for spotting the incorrect Service account reference

Just for future reference, if you are seeing "unknown parameter..." it's mostly because the setspn command is choking on the "-A". If you copy paste from Micrsoft Word documents, this often results in an invalid - as word automatically made a different - of it. Check: Setspn –a http/website account Setspn -a http/website account Both of the above were typed in word, in the second entry I went back erased the - and retyped it. See the difference?http://setspn.blogspot.com

Thanks Thomas, I encountered this exact problem copying the setspn command directly from the 'Before You Begin' guide on Technet.