Recently I updated some virtual accounts to AD accounts and in some cases (not all) i ran into the login failure:
The target principal name is incorrect. Cannot generate SSPI context.
So we deleted the SPN's that were in AD under the computer account and recreated them under the service account.
On another server i now get the error at startup that it cant create the SPN but whatever i can still login.
Now i'm looking at the auth_scheme on 38 servers and in 8 cases its Kerberos and the other 30 are NTLM.
My question is what should it be? Why in one case am i not able to login until the SPN's are fixed but in other cases it doesn't seem to matter?