Description of setup regarding Kerberos is missing importance of PTR records and does not mention TryIPSPN feature.

Open Saturnous opened this issue 1 year ago • 1 comments

Page URL

https://docs.netapp.com/us-en/ontap/antivirus/install-ontap-antivirus-connector-task.html

Page title

Install ONTAP Antivirus Connector

Summary

When Kerberos authentication is required for Vscan servers, each SVM data LIF must have a unique DNS name registered as a PTR record and Host-A entry. This DNS name must also be registered as a server principal name (SPN) in the SVM's computer account within the Windows Active Directory. On scan servers running Windows Server 2016 and newer, it is also possible to register the IPv4 addresses as SPNs and enable Kerberos over IP on the scan server by running the following command in an elevated shell.

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters" /v TryIPSPN /t REG_DWORD /d 1 /f

https://learn.microsoft.com/en-us/windows-server/security/kerberos/configuring-kerberos-over-ip

Public issues must not contain sensitive information

  • [X] This issue contains no sensitive information.

Saturnous avatar Feb 08 '24 13:02 Saturnous
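
The prerequisites described in the issue above can be checked from the scan server before enabling Kerberos. The following PowerShell is an added example, not part of the original issue or of NetApp's documentation. The LIF names are constructed placeholders, `Test-LifKerberosPrereq` is a hypothetical helper name, and the script assumes that `setspn -Q` prints the owning account's distinguished name on a line beginning with `CN=`.

```powershell
# Placeholder names (constructed): replace with the DNS names of your SVM data LIFs.
$LifNames = @('svm1-lif1.example.com', 'svm1-lif2.example.com')
$KrbKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Hypothetical helper: checks the A record, the matching PTR record and the SPN for one LIF name.
function Test-LifKerberosPrereq {
    param([Parameter(Mandatory)][string]$Name)

    $ip = $null; $ptrOk = $false
    # Forward lookup (Host-A entry).
    $a = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    if ($a) {
        $ip = $a.IPAddress
        # Reverse lookup: the PTR record must point back to the same name.
        $ptr = Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' }
        foreach ($p in $ptr) {
            if ("$($p.NameHost)".TrimEnd('.') -ieq $Name) { $ptrOk = $true }
        }
    }

    # Query any service class registered for the name (assumption: on a hit,
    # setspn prints the owning account's distinguished name, starting with "CN=").
    $owner = @(setspn.exe -Q "*/$Name" 2>$null | Where-Object { $_ -match '^CN=' })

    [pscustomobject]@{
        Name       = $Name
        IPv4       = $ip
        ARecord    = [bool]$a
        PtrMatches = $ptrOk
        SpnOwner   = $owner -join '; '   # should be the SVM's computer account
    }
}

$LifNames | ForEach-Object { Test-LifKerberosPrereq -Name $_ } | Format-Table -AutoSize

# TryIPSPN only matters when the IPv4 addresses themselves are registered as SPNs.
$tryIp = Get-ItemProperty -Path $KrbKey -Name TryIPSPN -ErrorAction SilentlyContinue
if ($tryIp -and $tryIp.TryIPSPN -eq 1) {
    'TryIPSPN = 1: Kerberos over IP is enabled on this scan server.'
} else {
    'TryIPSPN is not set to 1: Kerberos over IP is not enabled on this scan server.'
}
```

A row with `PtrMatches` false or an empty `SpnOwner` identifies the LIF whose DNS or SPN registration still needs attention.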

@Saturnous , are you a NetApp employee? If so, can you share your user name for additional discussion? Thanks!

netapp-ehoffman avatar Feb 15 '24 17:02 netapp-ehoffman