By default, the SPNs that get automatically added on the Entra ID app registration for the storage account when you enable Entra ID Kerberos authentication are as follows:
"api://redacted-identifier/host/storage-account-name.file.core.windows.net",
"api://redacted-identifier/cifs/storage-account-name.file.core.windows.net",
"api://redacted-identifier/http/storage-account-name.file.core.windows.net",
"host/storage-account-name.file.core.windows.net",
"cifs/storage-account-name.file.core.windows.net",
"http/storage-account-name.file.core.windows.net"
It appears that Debug-AzStorageAccountAuth treats this value as case-sensitive and it expects "cifs" to be upper case.
It will fail the check with:
Checking Entra Object
(✕) Failed
ERROR: SPN Value is not set correctly, It should be 'CIFS/storage-account-name.file.core.windows.net'
Even though it does exist as "cifs/storage-account-name.file.core.windows.net"
By default, the SPNs that get automatically added on the Entra ID app registration for the storage account when you enable Entra ID Kerberos authentication are as follows:
"api://redacted-identifier/host/storage-account-name.file.core.windows.net",
"api://redacted-identifier/cifs/storage-account-name.file.core.windows.net",
"api://redacted-identifier/http/storage-account-name.file.core.windows.net",
"host/storage-account-name.file.core.windows.net",
"cifs/storage-account-name.file.core.windows.net",
"http/storage-account-name.file.core.windows.net"
It appears that Debug-AzStorageAccountAuth treats this value as case-sensitive and it expects "cifs" to be upper case.
It will fail the check with:
Checking Entra Object
(✕) Failed
ERROR: SPN Value is not set correctly, It should be 'CIFS/storage-account-name.file.core.windows.net'
Even though it does exist as "cifs/storage-account-name.file.core.windows.net"