Keep in mind that if a domain user account is used for the database services, the SPN (Service Principal Name) has to be set for a secure Kerberos authentication.
More information can be found in the Microsoft documentation:
Run setspn –A MSSQLSvc/<FQDN>:<PORT> <SQL Service Account> as a domain administrator. If a service principal name is not set incoming Microsoft SQL Server connections will be authenticated using NTLM instead of Kerberos authentication.
Example:
setspn -A MSSQLSvc/server08.comp.com SQLSrv
Run setspn -L <SQL Service Account> to list all the SPNs that are registered to the domain user account who runs the instance of Microsoft SQL Server.
Example:
setspn –L SQLSrv