Disable CNAME lookup when negotiating Kerberos authentication

Specifies whether the generated Kerberos SPN is based on the canonical DNS name or the original name entered.

If you enable this setting, CNAME lookup will be skipped and the server name will be used as entered.

If you disable this setting or leave it not set, the canonical name of the server will be determined via CNAME lookup.

Supported on: Microsoft Windows XP SP2 or later
Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry PathSoftware\Policies\Google\Chrome
Value NameDisableAuthNegotiateCnameLookup
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)