In order to register SPNs, execute your commands is a common method, you could do it.
Setspn –s HTTP/FQDN_OF_IIS_SERVER domain\username
and
Setspn –s HTTP/FQDN_OF_IIS_SERVER domain\username
In fact, don't have MBAM on the same server as SCCM. We usually move MBAM to another server. This Microsoft document explains SPNs and their role in kerberos authentication.
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-2017
-------------------------------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.