In Part 1, we saw, what kind of error you could expect when there is no Service Principal Name defined for the Kerberos ticket the application is requesting? The next part show you is what might be the error message you would get if there were multiple accounts with the same SPN defined on them.
We are not going to cover the basics of how to capture a network trace and how to review it this time so this part should be fairly quick. We are going to be using the same configuration as the previous blog post.
Again, we notice that the website shows that we are authenticating with NTLM and the web server’s auditing log also shows that we authenticated using NTLM.