I can only speak for Windows. In the e-data you normally will see the extended status code as returned by kerberos.
The trace I am looking at right now has a response from the KDC where I can seen a block like 72 02 00 C0 which converted is c0000272. And using a tool like err.exe from http://www.microsoft.com/en-us/download/details.aspx?id=985 to translate these windows error codes gives
# for hex 0xc0000272 / decimal -1073741198
STATUS_NO_MATCH ntstatus.h
# There was no match for the specified key in the index.
# as an HRESULT: Severity: FAILURE (1), FACILITY_NULL (0x0), Code 0x272
# for hex 0x272 / decimal 626
ERROR_NO_MORE_MATCHES winerror.h
# There are no more matches for the current index
# enumeration.
# 2 matches found for "c0000272"
In this case its because the SPN was not in the list msds-allowedtodelegateto and therefore KDC returns this error to see its not in the list.
I am not sure if your e-data is complete. But there is what looks like a windows error code 33 01 00 c0.
Does this below bit apply to you or make sense?
# for hex 0xc0001033 / decimal -1073737677
MSG_CI_IISADMIN_NOT_AVAILABLE querymsg.h
# The IISADMIN service is not available, so virtual roots
# cannot be indexed.%1
# 1 matches found for "c0001033"