After the Kerberos configuration, during testing you receive an error in the IIS logs that states 403 16. This error is observed in both Same Domain and Cross Domain Kerberos configurations. More information on gathering IIS logs can be found here.
This is caused because the SEG server (a 2012 Windows Server) has a non self signed certificate in its trusted root store.
Navigate to the SEG server's MMC (Microsoft Management Console). Move the non self signed certificate to the intermediate store.
Note: Any certificate that has the Issued By and Issued To as the same providers is called a self signed certificate.