Disable CNAME lookup when negotiating Kerberos authentication

Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.

If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.

If you disable this setting or leave it not set, the canonical name of the server will be determined via CNAME lookup.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

Registry PathSoftware\Policies\Google\ChromeOS
Value NameDisableAuthNegotiateCnameLookup
Enabled Value1
Disabled Value0


Administrative Templates (Computers)

Administrative Templates (Users)