Dear All
I have been researching the below mentioned error message for a while now.
I have increased the audit report level and noticed this kind of error.
My searching revealed that the failure code 0x1b indicates that the ticket is good for user-to-user authentication only and not for server-client authentication.
There are a few things that I do not really get in the error message:
1. It says that Account Name (SQLSERVER01$@DOM...) tries to access Service Name (SomeUsername).
This one is clearly stated in the footer of the error message.
I am not sure why the computer account wants to "access" a domain user.
Sometimes I also see that the computer name is replaced with the username again. So user X wants to access itself?
Should I create an SPN for the user? I am a bit confused here ...
2. With common sense, this is vice versa, so the user wishes to access the machine itself.
The machine runs 2 instances of SQL Server.
The SQL instances have SPNs set already.
Should I create an SPN for the computer account as well?
Any explanation is appreciated,
Thank you
A
EVENT # 8851845
EVENT LOG Security
EVENT TYPE Audit Failure
OPCODE Info
SOURCE Microsoft-Windows-Security-Auditing
CATEGORY Kerberos Service Ticket Operations
EVENT ID 4769
COMPUTERNAME DC01
DATE / TIME 03/04/2013 09:15:14
MESSAGE
A Kerberos service ticket was requested.

Account Information:
    Account Name: SQLSERVER01$@DOMAIN01.LOCAL
    Account Domain: DOMAIN01.LOCAL
    Logon GUID: {00000000-0000-0000-0000-000000000000}
Service Information:
    Service Name: SomeUsername
    Service ID: NULL SID
Network Information:
    Client Address: ::ffff:10.103.22.154
    Client Port: 65346
Additional Information:
    Ticket Options: 0x40810000
    Ticket Encryption Type: 0xffffffff
    Failure Code: 0x1b
    Transited Services: -

This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested. This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket. Ticket options, encryption types, and failure codes are defined in RFC 4120.
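As an added example (not part of the original post), here is a small Python parser that pulls the labelled fields out of a 4769 message, whether it was exported on one line as above or in the usual multi-line rendering, and flags the pattern from the post: failure code 0x1b (KDC_ERR_MUST_USE_USER2USER in RFC 4120) where the requested Service Name is a bare account name with NULL SID rather than a class/host SPN. The field labels are those of the event text; the second sample event is constructed.

```python
import re

# RFC 4120 KRB-ERROR codes as written in the "Failure Code" field (0x0 = success).
FAILURE_CODES = {0x0: "KDC_ERR_NONE", 0x1b: "KDC_ERR_MUST_USE_USER2USER"}

LABELS = ("Account Name", "Account Domain", "Logon GUID", "Service Name", "Service ID",
          "Client Address", "Client Port", "Ticket Options", "Ticket Encryption Type",
          "Failure Code", "Transited Services")
# A value ends where the next label, a section header or the boilerplate trailer begins,
# so the same parser handles a one-line export and the multi-line rendering.
_NEXT = "(?=" + "|".join(re.escape(l) + ":" for l in LABELS) + \
        r"|(?:Account|Service|Network|Additional) Information:|This event is generated|$)"

def parse_4769(message: str) -> dict:
    """Extract the labelled fields from a 4769 message body."""
    fields = {}
    for label in LABELS:
        m = re.search(re.escape(label) + r":\s*(.*?)\s*" + _NEXT, message, re.S)
        if m:
            fields[label] = m.group(1)
    return fields

def triage(ev: dict) -> str:
    """Name the failure code and call out the 0x1b / bare-account-name pattern."""
    code = int(ev["Failure Code"], 16)
    name = FAILURE_CODES.get(code, "unknown")
    svc = ev["Service Name"]
    if code == 0x1b and ev.get("Service ID") == "NULL SID" and "/" not in svc and not svc.endswith("$"):
        return (f"{name}: {ev['Account Name']} from {ev['Client Address']} requested a ticket for "
                f"'{svc}', a bare account name rather than a class/host SPN, so the KDC could only "
                "offer a user-to-user ticket. Compare with the SPNs registered for the target (setspn -L).")
    return f"{name}: {ev['Account Name']} -> {svc}"

def triage_all(messages) -> list:
    return [triage(parse_4769(m)) for m in messages]

# Constructed samples: the flattened message from the post, then a normal successful request.
SAMPLE_EVENTS = [
    "A Kerberos service ticket was requested. Account Information: Account Name: "
    "SQLSERVER01$@DOMAIN01.LOCAL Account Domain: DOMAIN01.LOCAL Logon GUID: "
    "{00000000-0000-0000-0000-000000000000} Service Information: Service Name: SomeUsername "
    "Service ID: NULL SID Network Information: Client Address: ::ffff:10.103.22.154 "
    "Client Port: 65346 Additional Information: Ticket Options: 0x40810000 "
    "Ticket Encryption Type: 0xffffffff Failure Code: 0x1b Transited Services: - "
    "This event is generated every time access is requested to a resource.",
    "A Kerberos service ticket was requested.\n\nAccount Information:\n\tAccount Name:\t\t"
    "someuser@DOMAIN01.LOCAL\n\tAccount Domain:\t\tDOMAIN01.LOCAL\nService Information:\n"
    "\tService Name:\t\tMSSQLSvc/sqlserver01.domain01.local:1433\n\tService ID:\t\t"
    "DOMAIN01\\SQLSERVER01$\nNetwork Information:\n\tClient Address:\t\t::ffff:10.103.22.154\n"
    "\tClient Port:\t\t65347\nAdditional Information:\n\tTicket Options:\t\t0x40810000\n"
    "\tTicket Encryption Type:\t0x12\n\tFailure Code:\t\t0x0\n\tTransited Services:\t-\n",
]
```

Feeding a day's worth of 4769 text through `triage_all` and grouping the flagged lines by Account Name and Service Name shows which clients keep asking for a bare account name.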