We recently put up a new Windows 2003 Active Directory domain controller to replace a de-commissioned Windows 2000 DC. When my VPN users try to authenticate to it using Kerberos, they are getting rejected with a pre-authentication failed error. I know that this is a common issue with the ASA, and TAC has confirmed that there's no solution for it yet. However, we have another W2K3 DC that has never had this issue. So why now? Why this new DC? What's the difference between my DCs where one can authenticate a user with pre-authentication enabled and one can't?
Any help or information that I can get would be helpful.