Windows Server 2008 R2.
SQL Server 2008 R2 installed.
MSSQL Service runs as Local System.
Server FQDN is SQL01.domain.com.
SQL01 is joined to an Active Directory domain named domain.com.
The following is the output of setspn:
C:\> setspn -L sql01
...
MSSQLSvc/SQL01.domain.com:1433
MSSQLSvc/SQL01.domain.com
WSMAN/SQL01.domain.com
WSMAN/SQL01
TERMSRV/SQL01.domain.com
TERMSRV/SQL01
RestrictedKrbHost/SQL01
RestrictedKrbHost/SQL01.domain.com
HOST/SQL01.domain.com
HOST/SQL01
I then launch SQL Server Management studio and connect to SQL01 thusly:
I then run the following query:
SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@spid
And the result is NTLM. Why is the result not Kerberos? The SPNs seem to be correct for using the Local System account. The server is not in a cluster or using a CNAME.