NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4
I had same issue with same configuration. IIS for Kerberos authentication. My setup also uses IIS, ISAPI Redirector (Jakarta) and Apache Tomcat8.0
The kerberos ticket is not valid for more than10 hrs so user has to generate krb ticket again, which is not suitable.
I found the root cause in my configuration, Tomcat was not able to handle the ticket size ( even after adding allowtgtsessionkey) so added below entries on all client PC and it started working without any issue.
change the line below
<packetSize="21000" maxHttpHeaderSize="65536"> in APACHE TOMCAT server.xml file.
Value - 65534 (64kb) bytes
Value Name: EnableMaxTokenSize =0
Value name: MaxTokenSize
Value data: 65535
Please let me know if it works for you.
Note; If user has admin rights then it will pop up kerberos password window(TC10.17.1). It's kind of bug which is resolved in TC11.4.*