I thought I had this error on my blog somewhere, but when I went looking for it, I could not find it…
When you are working in an environment that uses machines running earlier versions of Windows than 2008 Server or Windows Vista, you may encounter an authentication problem when trying to pass through authentication using Kerberos tickets.
Essentially, the UDP Protocol cannot handle the larger size packets required to capture a Kerberos ticket for someone who has a large collection of groups associated with their login. This scenario has a list of dependencies required to trigger it which are outlined in KB Article 244474, but the fix is to set the following registry key on the web server to 1:
The Parameters key may not exist, if it does not, then create it. The KB Article http://support.microsoft.com/kb/326985 has a lot of useful links to Kerberos articles and descriptions which I have used in the past, so you may also find that helpful.