Disable CNAME lookup when negotiating Kerberos authentication

Setting the policy to Enabled skips CNAME lookup. The server name is used as entered when generating the Kerberos SPN.

Setting the policy to Disabled or leaving it unset means CNAME lookup determines the canonical name of the server when generating the Kerberos SPN.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome
Value NameDisableAuthNegotiateCnameLookup
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)