I have installed MOSS 2007 to use Kerberos. Prior to the installation I assigned the SPN HTTP/servername.domain to each of my service accounts: Farm Account, Content Pool, Shared Services Pool and Shared Services Account. I did this knowing that I would have to add/drop SPNs later, according to port numbers (I followed guides by Scott Hillier and Martin Kearn). My question is: what specific service/app pool do I assign to these accounts? When all have the same generic SPN that I assigned originally, everything works, but I receive KDC error #4 every 30 minutes or so. KDC error 4 states that there are 'multiple accounts with name HTTP/*****.*** of type DS_SERVICE_PRINCIPAL_NAME'. I have been using trial and error in assigning variations of the HTTP service (using port numbers from my MOSS instance). Is there a better way? Because this is not working so well.
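The KDC message quoted in the post describes one SPN registered on more than one account. As an added example (not part of the original post), this Python script finds such collisions in an LDIF-style export of service accounts; the DNs, sAMAccountNames and the :8080/:8081 ports in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not from the post): DNs, sAMAccountNames and ports are made up.
SAMPLE_LDIF = """\
dn: CN=Farm Account,OU=Svc,DC=example,DC=test
sAMAccountName: svc-farm
servicePrincipalName: HTTP/servername.domain

dn: CN=Content Pool,OU=Svc,DC=example,DC=test
sAMAccountName: svc-content
servicePrincipalName: http/SERVERNAME.domain
servicePrincipalName: HTTP/servername.domain:8080

dn: CN=Shared Services Pool,OU=Svc,DC=example,DC=test
sAMAccountName: svc-ssp-pool
servicePrincipalName: HTTP/servername.domain

dn: CN=Shared Services Account,OU=Svc,DC=example,DC=test
sAMAccountName: svc-ssp
servicePrincipalName: HTTP/servername.domain:8081
"""

def parse_accounts(ldif_text):
    """Return {sAMAccountName: [SPN, ...]}; folded/base64 LDIF lines are not handled."""
    accounts = {}
    for record in re.split(r"\n\s*\n", ldif_text.strip()):
        name, spns = None, []
        for line in record.splitlines():
            key, _, value = line.partition(":")  # split on the first colon only
            if key.strip().lower() == "samaccountname":
                name = value.strip()
            elif key.strip().lower() == "serviceprincipalname":
                spns.append(value.strip())
        if name:
            accounts[name] = spns
    return accounts

def find_duplicate_spns(accounts):
    """Return {lower-cased SPN: sorted owners} for SPNs held by more than one account."""
    owners = defaultdict(set)
    for account, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].add(account)  # SPN matching is case-insensitive
    return {spn: sorted(a) for spn, a in owners.items() if len(a) > 1}

if __name__ == "__main__":
    for spn, accts in find_duplicate_spns(parse_accounts(SAMPLE_LDIF)).items():
        print(f"{spn} is registered on {len(accts)} accounts: {', '.join(accts)}")
```

In the sample, the port-qualified SPNs each belong to a single account and are not reported; only the generic SPN shared by three accounts is.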