I am working in a dev environment and need to disable kerberos for some debugging and testing. I ran setspn -l server.domain and got a list of all SPN's for the server. I then ran setspn -d MSSQLSvc/server.domain domain\serviceAccount to remove the MSSqlServer SPN. I then ran setspn -T domain -Q */server.domain to query if there were any SPN's associaited with MSSQLSvc that I missed. there were none. I then ran KLIST PURGE to remove all cached tickets. Finally, i restarted my server. When i connect to this machine via TCPIP i am Still being connected via kerberos ( visible when i check the sys.dm_exec_connections dmv) None of this has helped. has anyone any ideas what i am missing?

Did you replicate on others DC ? Propagation may not be done yet

Hi, You cannot disable Kerberos, but you can configure your environment such a way that it does not use Kerberos. Here are the steps: 1. In ADUC, mark your service account NOT trusted for delegation 2. Do not create SPN for your service account. If SPN exist, delete them. Currently, please uncheck the "Account is trusted for delegation" option of the service account in ADUC and run setspn -l server.domain command again. Regards, Bruce

Hi, You cannot disable Kerberos, but you can configure your environment such a way that it does not use Kerberos. Here are the steps: 1. In ADUC, mark your service account NOT trusted for delegation 2. Do not create SPN for your service account. If SPN exist, delete them. Currently, please uncheck the "Account is trusted for delegation" option of the service account in ADUC and run setspn -l server.domain command again. Regards, Bruce