select auth_scheme from sys.dm_exec_connections where session_id=@@spid
You should see NTLM in the result if Kerberos is not working.
The error says that SPN is incorrect, however you verify that SPN is actually ok:
Additionally on domain controller you might see similar event logged:
While processing an AS request for target service krbtgt, the account
did not have a suitable key for generating a Kerberos ticket
(the missing key has an ID of 1). The requested etypes : 18 17 3. The accounts
available etypes : 23 -133 -128. Changing or resetting the password of
will generate a proper key.
In my case I solved this by changing the SQLServer service account to a newly created one, since I was not able to reset the password for it, due to the fact it might have been used elsewhere. Generally resetting password for that account as suggested in the event log should fix this also.