• AndyD - that's not the same thing. Registering the instance in AD does not create the SPN, it just publishes the "presence" of the SQL server so that people can browse and find it. There is only one situation where SQL Server automatically creates the SPN: when it's running as LocalSystem. The problem is that the SPN is created on the computer account for the server, and LocalSystem doesn't have any network privileges, so it's useless for Kerberos delegation. When you change the service account to a domain user you will see an error message in the SQL logs when SQL Server starts, complaining that it can't register the SPN, as the domain user it's running as (usually) doesn't have the necessary permissions to create SPNs (and it shouldn't). This error is normal - a domain admin should be manually creating the SPN on the domain user object that SQL Server is running as.

    Regards,

    Jacob
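
An added example, not part of the comment above: a PowerShell check of which AD object currently holds the SQL Server SPNs, so an admin can see whether they sit on the service account or were left on the computer account. It assumes the RSAT ActiveDirectory module on a domain-joined machine; the host name, port and account name are placeholders.

```powershell
# Added example: all names below are placeholders, not values from the post.
Import-Module ActiveDirectory

$SqlHost    = 'sqlhost.example.com'   # placeholder FQDN of the SQL Server machine
$Port       = 1433                    # assumed TCP port of the default instance
$SvcAccount = 'svc-sql'               # placeholder sAMAccountName of the domain service account

# SPN forms SQL Server uses for a default instance (with and without port).
$spns = @("MSSQLSvc/$SqlHost", "MSSQLSvc/${SqlHost}:$Port")

foreach ($spn in $spns) {
    # Find every AD object that currently carries this SPN.
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'" `
                             -Properties sAMAccountName, objectClass)

    if ($owners.Count -eq 0) {
        # Not registered anywhere: the manual step a domain admin performs.
        Write-Output "MISSING    $spn  -> setspn -S $spn $SvcAccount"
    }
    elseif ($owners.Count -gt 1) {
        # The same SPN on more than one object breaks Kerberos ticket lookup.
        Write-Output "DUPLICATE  $spn  on: $($owners.sAMAccountName -join ', ')"
    }
    elseif ($owners[0].sAMAccountName -eq $SvcAccount) {
        Write-Output "OK         $spn  on $SvcAccount"
    }
    else {
        # Typically the computer account, left over from running as LocalSystem.
        Write-Output "WRONG OBJ  $spn  on $($owners[0].sAMAccountName) ($($owners[0].objectClass))"
    }
}
```

`setspn -S` checks for an existing registration before adding, so the suggested command will refuse to create a duplicate.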