KrbException: Fail to create credential. (63) - No service creds
8 votes, 1 answer, 6096 views
I am working on setting up Tomcat 8.0.35 on Ubuntu 16.04 with Oracle Java 1.8.0_91-b14 (not openjdk) to use Kerberos authentication when authenticating to our Microsoft SQL database. The issue I am running into is that after running kinit as the appropriate user with the appropriate switches:
sudo -u tomcat8 kinit -k -t /etc/tomcat8/tomcat8.keytab HTTP/linux-test2.our.domain.local@OUR.DOMAIN.LOCAL
I am getting this error in the localhost log from Tomcat:
Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
Caused by: KrbException: Fail to create credential. (63) - No service creds
When I run sudo -u tomcat8 klist I get the expected response:
root@linux-test2:/home/tbourne# sudo -u tomcat8 klist
Ticket cache: FILE:/tmp/krb5cc_111
Default principal: HTTP/linux-test2.our.domain.local@OUR.DOMAIN.LOCAL
Valid starting Expires Service principal
06/23/2016 14:33:10 06/24/2016 00:33:10 krbtgt/OUR.DOMAIN.LOCAL@OUR.DOMAIN.LOCAL
renew until 06/24/2016 14:33:07
When I capture packets during the Tomcat startup, I see a service/instance name being passed of krbtgt/OUR.DOMAIN.LOCAL. I was expecting this to be the Default Principal mentioned above. When I set the serverSpn option in the database connection string, I get the above results.
When I remove the serverSpn option, it uses a different Principal name, MSSQLSvc/sql-server.our.domain.local@OUR.DOMAIN.LOCAL. Unfortunately I can't use that name since I will need unique logins (and thereby unique SPNs) for each of our Tomcat instances.
Our database connection string looks like this:
property.db.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
property.db.jdbcUrl=jdbc:sqlserver://sql-server.our.domain.local:1434;databaseName=DBAUTH2;integratedSecurity=true;authenticationScheme=JavaKerberos;serverSpn="HTTP/linux-test2.our.domain.local@OUR.DOMAIN.LOCAL"
I have downloaded the Microsoft JDBC driver version 4.2 and Tomcat is using it.
I am at a loss as to why Tomcat isn't sending the proper principal name when authenticating to the database. Any insight would be greatly appreciated.
I can post the krb5.ini for Tomcat, the krb5.conf, the jaas.conf and any other configs if they would be helpful.
Asked by TimBourne (81 rep), Jun 23, 2016, 07:49 PM
Last activity: May 8, 2023, 08:27 AM
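A troubleshooting helper added here as an example (not code from the question or from the Microsoft JDBC driver): it pulls the serverSpn out of the connection string quoted above, parses the klist output, and reports which SPN the driver will ask for and whether the cache already holds a service ticket for it rather than only the krbtgt TGT. The sample inputs are constructed from the question; the MSSQLSvc/<host> fallback is an assumption that mirrors what the question observed when serverSpn was removed.

```python
import re

# Constructed sample input: the connection string and klist output quoted in the question.
JDBC_URL = ('jdbc:sqlserver://sql-server.our.domain.local:1434;databaseName=DBAUTH2;'
            'integratedSecurity=true;authenticationScheme=JavaKerberos;'
            'serverSpn="HTTP/linux-test2.our.domain.local@OUR.DOMAIN.LOCAL"')
KLIST_OUTPUT = """Ticket cache: FILE:/tmp/krb5cc_111
Default principal: HTTP/linux-test2.our.domain.local@OUR.DOMAIN.LOCAL
Valid starting       Expires              Service principal
06/23/2016 14:33:10  06/24/2016 00:33:10  krbtgt/OUR.DOMAIN.LOCAL@OUR.DOMAIN.LOCAL
\trenew until 06/24/2016 14:33:07
"""

def parse_jdbc_url(url):
    """Split 'jdbc:sqlserver://host:port;k=v;...' into (host, port, props); values may be quoted."""
    m = re.match(r'jdbc:sqlserver://([^:;]+)(?::(\d+))?(?:;(.*))?$', url)
    if not m:
        raise ValueError("not a jdbc:sqlserver URL")
    host, port, rest = m.group(1), m.group(2), m.group(3) or ''
    props = {}
    for kv in filter(None, rest.split(';')):
        key, _, value = kv.partition('=')
        props[key.strip()] = value.strip().strip('"')
    return host, int(port) if port else None, props

def strip_realm(principal):
    return principal.split('@', 1)[0]

def parse_klist(text):
    """Return (default principal, set of cached service principals without realm)."""
    default, services = None, set()
    for line in text.splitlines():
        if line.startswith('Default principal:'):
            default = line.split(':', 1)[1].strip()
        # Ticket lines: two timestamps followed by the service principal.
        m = re.match(r'\d\d/\d\d/\d{4} \S+\s+\d\d/\d\d/\d{4} \S+\s+(\S+)', line)
        if m:
            services.add(strip_realm(m.group(1)))
    return default, services

def diagnose(url, klist_text):
    """Which SPN the driver will request, and whether a ticket for it is already cached."""
    host, _port, props = parse_jdbc_url(url)
    # Assumption: without serverSpn the driver targets MSSQLSvc/<host>, as the question observed.
    target = strip_realm(props.get('serverSpn') or 'MSSQLSvc/' + host)
    default, services = parse_klist(klist_text)
    return {'target_spn': target, 'client_principal': default,
            'has_tgt': any(s.startswith('krbtgt/') for s in services),
            'has_service_ticket': target in services,
            'spn_equals_client_principal': target == strip_realm(default or '')}
```

Run against the question's own values it shows a TGT present, no service ticket for the requested SPN, and a requested SPN identical to the client's own principal name.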