I had a couple of duplicate spn's that I removed via setspn -D. I still have two issues:
1. There is a duplicate spn for a sql server that keeps getting re-created. Even though i delete it it comes back after a couple of hours.
2. removal of another duplicate spn broke an internal application that used kerberos for authentication. Changing the authentication to NTLM fixed it, but shouldn't this be happening in reverse? The app should have been having authentication issues due to the duplicate spn and removing it should have cleaned it up. Instead it broke it?