Hello,
looks good in the first place but please remove the following SPN via "setspn -d"
HTTP/###.###.###.###.DOMAIN
This one is not required. After deleten retry first, then proceed as shown here
No, the Service Account doesnt need to have priviliges on the CMS DB.
If you cant access the Link you propably dont have an S-User?! Please procced as follows:
1. Stop the Tomcat
2. Open the Tomcat Configuration
3. Go to the Java Tab
4. Add the following Paramter under Options
-Djcsi.kerberos.debug=true
5. Start the Tomcat
6. Check the std.out and std.err log File of the Tomcat that the Tomcat is started
7. Search the Files for "Credentials obtained"
8. Re- produce the issue
9. Check the Files again for any errors
Regards
-Seb.