We have our SPS joined to the Active Directory Domain for RDP sessions.
The DNS name of the SPS appliance is sps1.it.domain.com
The FQDN of the domain is child.forrest.domain.com
When the SPS was joined to the domain, the DNS name entry in the computer object was sps1.child.forrest.domain.com
Because this is not resolvable in our DNS, we changed it to sps1.it.domain.com in the computer object.
I stumbled across this topic regarding Kerberos:
https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-sessions/8.0%20lts/administration-guide/69#TOPIC-2256512
Service Principal Name (SPN) for SPS
When a user wants to authenticate with Kerberos, the server has to be addressed with FQDN so the client program can search for the SPN of the server (TERMSRV/target-server.target-realm). Therefore, during the process, SPS domain join registers TERMSRV SPN for its computer account (TERMSRV/<SPS-hostname>.<realm-fqdn>) address.
Make sure that <SPS-hostname>.<realm-fqdn> is resolvable from DNS.
Does this mean the DNS name in the computer object in Active Directory MUST be sps1.child.forrest.domain.com if I want to use Kerberos?
Thanks
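
The documentation excerpt quoted in the post asks that the host in the registered TERMSRV SPN be resolvable from DNS. The following is an added example, not part of the original post and not One Identity code, that checks this for a list of SPN values taken from a computer object. The function names, the sample SPN list and the sample DNS table are constructed assumptions.

```python
import socket

def termsrv_hosts(spns):
    """Return the host part of every TERMSRV/<host>[:port] SPN, lower-cased."""
    hosts = []
    for spn in spns:
        service, _, rest = spn.partition("/")
        if service.upper() != "TERMSRV" or not rest:
            continue  # other service classes are not what the RDP client looks up
        host = rest.split("/")[0].split(":")[0].lower()
        if host not in hosts:
            hosts.append(host)
    return hosts

def system_resolver(host):
    """Resolve with the local resolver; an empty list means no answer."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def check_spn_dns(spns, resolver=system_resolver):
    """Map each TERMSRV SPN host to the addresses it resolves to."""
    return {host: resolver(host) for host in termsrv_hosts(spns)}

def unresolvable(spns, resolver=system_resolver):
    """TERMSRV SPN hosts that do not resolve at all."""
    return [h for h, addrs in check_spn_dns(spns, resolver).items() if not addrs]

# Constructed sample: servicePrincipalName values as they might appear on the
# SPS computer object after the join described in the post (assumption).
SAMPLE_SPNS = [
    "TERMSRV/sps1.child.forrest.domain.com",
    "HOST/sps1.child.forrest.domain.com",
]

# Constructed DNS view matching the post: only the it.domain.com name exists.
SAMPLE_DNS = {"sps1.it.domain.com": ["192.0.2.10"]}

def sample_resolver(host):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, [])

if __name__ == "__main__":
    for host in unresolvable(SAMPLE_SPNS, sample_resolver):
        print("TERMSRV SPN host not resolvable:", host)
```

To run it against real data, pass the computer object's servicePrincipalName values and leave the resolver argument at its default.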