CTA with Unity Kerberos SPN's?

I have been trying to "Verify" a server config in CTA/VE, and can't get past a CIFS error:  "CIFS authentication:  Failed.  Failed to authenticate credentials".  I get the same error with both the NetBIOS and Kerberos options.  I am trying to authenticate with Active Directory (Win2012R2).  The server is a NAS on a Unity 300F.  I have tried to configure the NAS for Kerberos (computer or user account), and tried Simple (LDAP).  No go.  This happens with both SMB and multiprotocol NAS. 

Running Wireshark on the DC, with the Kerberos setting in CTA, gives me this error during the verify process: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN".  That tells me that an SPN is missing from the computer or user account, I believe.  But I can't find any documentation on it.

Questions:

1.  What SPN's are needed for the user account that I specify in the CTA/VE CIFS tab of the file server config?

1a.  Do I need any SPN's for the Unity NAS computer account (or user account if I need to use that option)?

2.  The documentation (docu80745) states to confirm that "NTLM is configured for authentication".  Configured with which setting?  "Network security: LAN Manager Authentication" has multiple options and I have tried a few.

Any help with these errors would be greatly appreciated!  I have tried everything I can think of.

Thanks!