2 of 2 people found this helpful
Were you able to resolve your issue? To answer your question: yes, the AFServer service will need an SPN created. When configuring constrained delegation to the AFServer service, the service can be found under whichever account the SPN is created for.
As the document you linked specifies, if the AF Application Service is running under the Network Service account, it will probably have permissions to create SPNs and should create them on startup. In this case, when configuring constrained delegation to the AFServer service, it would be located under the AF Server computer.
However, if the AF Application Service is running under a domain service account, the account probably does not have permissions to create SPNs, and these will need to be created manually by a user with permission to create SPNs. In this case, when configuring constrained delegation to the AFServer service, it would be located under the domain service account user.
And yes, you can set more than one SPN for the same domain account. The SPNs just must be either for different services or for different servers, or they will be duplicates.
Please let me know if you have any further questions or confusion about this!
I am sorry I forgot to get back to you here! I have indeed resolved my issue.
I have just re-marked your answer correct for acknowledgment.