Hallo I_shelby,
Ich hatte das Problem unter V7R1

lies mal das
1. On the IBM i from QSHELL, type the command keytab list and verify the following key types for the krbsvr400 account

Key type: 128-bit AES
Key type: 256-bit AES
Key type: ARCFOUR
If you do not have these key types you need to remove the current principal and add a new one to get the AES and ARCFOUR keys.

2. Make sure the /QIBM/UserData/OS400/NetworkAuthentication/krb5.conf file contains the following lines under the "default_realm" property.

default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96,arcfour-hmac
default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96,arcfour-hmac

3. In QSHELLL type the command keytab delete krbsvr400/AS1.imHausl@DE.Domaine where the krbsvr400 principal was from the keytab list command ran earlier.

Note: If you do not recall the password used when configuring Network Authentication earlier you will need to reset this on the Active Directory server in step 4

4. In QSHELL run the command keytab add krbsvr400/AS1.imHausl@DE.Domaine -p password

Where password is the Active Directory account password

5. On the Windows server, go to the AD Server and then go to the Account tab for the krbsvr400 user.
Uncheck the Use DES Encryption, and check the box This Account Supports Kerberos AES 128 and 256 Encryption. Reset the password if needed from what was used in step 3.

6. Verify in QSHELL with kinit -k krbsvr400/AS1.imHausl@DE.Domaine followed by klist -e
you should see the encryption types of AES or ARCFOUR

Bei mir haben die Einträger in der krb5.conf gefehlt.
Wenn du eine WinServer 2012 hast, dort muss beim User krbsvr..... explizit AES angegeben und DES rausgenommen werden.

Klaus