we have ADCS connector in place and certificate authentication were
failing as well. we resolved it by adding a registry key on the DCs (
StrongCertificateBindingEnforcement) under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc subkey (...
