Disable CNAME lookup when negotiating Kerberos authentication
Supported on: Microsoft Edge version 77, Windows 7 or later
Registry
HKLM
Software\Policies\Microsoft\Edge HKCU
Software\Policies\Microsoft\Edge Value name: DisableAuthNegotiateCnameLookup
Enabled: DisableAuthNegotiateCnameLookup = 1
Disabled: DisableAuthNegotiateCnameLookup = 0
Description
Determines whether the generated Kerberos SPN is based on the canonical DNS name (CNAME) or on the original name entered. If you enable this policy, CNAME lookup is skipped and the server name (as entered) is used. If you disable this policy or don't configure it, the canonical name of the server is used. This is determined through CNAME lookup.