I have installed MOSS 2007 to use Kerberos. Prior to the installation I assigned SPN HTTP/servername.domain to each of my service accounts: Farm Account, Content Pool, Shared Services Pool and Shared Services Account. I did this knowing that I would have to add / drop SPNs later, according to port numbers. (I followed guides by Scott Hillier and Martin Kearn). My question is: what specific service/app pool do I assign to these accounts? When all have the same generic SPN that I assigned originally everything works, but I receive KDC error #4 every 30 minutes or so. KDC error 4 states that there are 'multiple accounts with name HTTP/*****.*** of type DS_SERVICE_PRINCIPAL_NAME. I have been using trial and error in assigning variations of the HTTP service (using port numbers from my MOSS instance).Is there a better way? Because this is not working so well.

Hi, I have the same problem, Are you sure you do not use the same SPN on more one account? I received this msg error when I put the same SPN name on 2 service account, or more. Example: if you put the SPN domain name on the your setup service account and on your app -pool service account you have big chance to receiv this error msg. Let me know.