I enabled the Kerberos authentication and set authPersistNonNTLM to true. This setting did reduce the number of 401s that I was observing before, but not drastically. My application is a Siebel application and I am using IIS as SWE (Siebel Web Enterprise). As per the description of authPersistNonNTLM:
Specifies whether IIS automatically re-authenticates every non-NTLM (for example, Kerberos) request, even those on the same connection. False enables multiple authentications for the same connections. A setting of True means that the client will be authenticated only once on the same connection. IIS will cache a token or ticket on the server for a TCP session that stays established.
When I run netstat, I see 7 TCP connections with different local ports (on my local machine) connecting to the HTTPS port on the server with established status. Does this mean all these 7 connections to the server are treated as different connections for authentication purposes and will need to be authenticated (401/200 status codes)?