How do I configure the Windows Authentication for Trados GroupShare 2017 (or higher)

After installing  Trados GroupShare 2017 (or higher) that includes support for Windows Authentication, I still receive the error message Response status code does not indicate success: 401 (Unauthorized). described here:

• Trying to open server-based Translation Memory displaying the error: 'Response status code does not indicate success: 401 (Unauthorized).'

 
How do I configure the Windows Authentication for Trados GroupShare 2017 (or higher) to enable my users to using the Windows Authentication method?

Configuring Windows authentication 

For Windows authentication to work on the Trados GroupShare server, you need to set a Service Principal Name (SPN) to identify the account running Trados GroupShare services with the Fully Qualified Domain Name (FQDN) of the web application. Before you begin you need an account that has Domain Admin permissions or has the Validated write to service principal names permission delegated. Afterwards follow the steps described:

1. Launch Command Prompt with Run as Administrator.
2. Run:

• for http:

setspn -S http/servername serviceaccount

• for https:

setspn -S https/servername serviceaccount

Note: You may need to run the setspn command for both the simple server name and the Fully Qualified Domain Name  (FQDN). The serviceaccount is the account user running the Trados GroupShare services (you can find this in the GroupShare Console or in services.msc by checking the services starting with ).

If it is successful, you will see “Updated object” in the command prompt. You can check it by running:
 

setspn -L serviceaccount

 

This is an example of how the syntax could look like:

setspn -S http/gsserver.sdl.com global\adminuser

About Service Principal Names (SPN)

Further information on Service Principal Name can be found here:
 

• Microsoft TechNet: Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)
• Microsoft Developer Network (MSDN): Service Principal Names (SPN)