We have an application that we've just upgraded and now it is asking for an additional domain login before the user can access, over a VPN or Internet link. The application is using Kerberos for authentication. The vendor is saying it's a setting in AD, but they don't say what that setting is. I've checked the Account/Kerberos Polcy and it appears to be correct. Has anyone seen a similar issue with other applications?