SSO stopped working...sorta

I've had SSO working on a Windows AD domain for over a year now without issue. It's still working for the most part but as of yesterday one client will not connect with SSO and I can't figure out why.

• Openfire server: 2008 Server R2

• Clients: mostly Win7x64, a few XP 32 - all use SSO and are working fine

• I do not use krb5.ini, solely DNS

• DNS is setup properly, PTRs all intact, all other clients connect fine using DNS

• clients DNS servers are set properly

• spark.config is 1 master file that is copied via group policy to all clients every time they login in order to standardize settings and delete any changes they make per session

• client java is up to date, no other changes made to AD, client, server etc

• Spark is latest version

The particular client not working is a 2003 terminal server. It's worked fine for a year until yesterday. No changes have been made. When we start the spark client, the Username, Account and Server all populate correctly. When we login we get "Unable to connect using Single Sign-On. Please check your principal and server settings."

The warn.log file populates with:

###########################

WARNING: Exception in Login:

SASL authentication failed:

  -- caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]

          at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:121)

          at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:86)

          at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 319)

          at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)

          at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)

          at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)

          at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)

          at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

          at java.lang.Thread.run(Unknown Source)

Nested Exception:

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]

          at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

          at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)

          at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanis m.java:86)

          at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 319)

          at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)

          at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)

          at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)

          at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)

          at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)

          at java.lang.Thread.run(Unknown Source)

Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))

          at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)

          at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

          at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

          ... 10 more

Caused by: KrbException: Server not found in Kerberos database (7)

          at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)

          at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)

          at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)

          at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)

          at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)

          ... 13 more

Caused by: KrbException: Identifier doesn't match expected value (906)

          at sun.security.krb5.internal.KDCRep.init(Unknown Source)

          at sun.security.krb5.internal.TGSRep.init(Unknown Source)

          at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)

          ... 18 more

###########################

Any ideas? It may be resolved with a reboot but I can't do so at the moment as it's in production. Anything else I can look into until I can reboot?