Kerberos error

I have 3 Hyper-V hosts. Servers are Windows Server 2012 R2. All of them are reporting error in event viewer:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server server3$. The target name used was HTTP/ourserver.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.



If I try to refresh page on Server Manager the error is:

Error      ourserver : Configuration refresh failed with the following error: The metadata failed to be retrieved from the server, due to the following error: WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred.  



Ourserver in DNS has 3 A records and IP are the same as Server1, Server2 and Server3.

I can connect with domain accounts to servers. Why is this happening?