We are trying to enable kerberos authentication on our 2 node active/passive
SQL 2005 Ent cluster.

we have run the setspn -a MSSQLsvc/hostnameort domain\account command for
each host in the cluster and have verified using adsiedit that the SPN's
exist.

The AD computer accounts have the delegation tab and the "trust this
computer for delegation to any service(kerberos only)" is enabled.

When we go into the SQL cluster and go to the "SQL Network Name" resource
and check the "Enable Kerbos" on the parameters tab and try and bring that
resource online, it fails. The event viewer logs error 1194 saying "the
computer account for cluster resource 'sql network name blfsql01' in domain
domain.com could not be created for the following reason: unable to create
computer account"

The computer name referenced is the DNS name for the cluster, not an
individual host, so it should not need a computer account.

The Windows service account I used to create the SPN was the account used to
run the SQL Server DB engine.

Not really sure why we can not bring this online and what these errors are.
I've searched the web and red many MS articles, but none seem to give all the
steps required to get this working.

Any help would be greatly appreciated. Thanks.