I’m exploring their use in a test domain and it seems everything is correct, however I keep getting ”A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.“ when trying to log in with the account in the silo to a computer in the silo. 

  Anybody using them?  Or have any experience with them?   Todd     Todd Mote, MCP, MCSA+Messaging, MCSE | moter@xxxxxxxxxxxxxxxx Enterprise Systems Management | Information Technology Services | The University of Texas at Austin