Additional information:
The account ADJoiner is an ordinary user in that it has no servicePrincipalName, whereas hosts do have one. I believe this is a crucial difference, because I can get a ticket for anything that has a servicePrincipalName, but not for anything that doesn't.
And indeed, when the first key in the keytab is for another principal that has no servicePrincipalName, the error also occurs.
Additional information: lName, whereas hosts do have one. I believe this is a crucial difference, because I can get a ticket for anything that has a servicePrincipa lName, but not for anything that doesn't.
The account ADJoiner is an ordinary user in that it has no servicePrincipa
And indeed, when the first key in the keytab is for another principal that has no servicePrincipa lName, the error also occurs.