Kerberos: can't get S4U2Self ticket for user abc@xyz.com - TGT has been revoked (-176532836)

Kevin_Stewart may be able to chime in on this one.

To me, that looks like it would be related to delegation, but I can't say for sure. I know this is a pain, but have you tried running a duplicate vip and policy, but for xyz.com direct? I do understand that defeats the purpose, but it would rule this out..

i have a similar issue since 2-3 weeks. right now we investigate but cant find the real root cause, as this problem is difficult to reproduce, and looks to popup "randomly".

I personnaly got hte problem this morning :

Feb 6 08:03:17 ch-lb03.mgmt.sara notice tmm2[27093]: 01490552:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: User TOTO@MYACTIVEDIRECTORY.DOMAIN from Computer is authenticated
Feb 6 08:03:17 ch-lb03.mgmt.sara notice tmm2[27093]: 01490506:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Received User-Agent header: Microsoft%20Office%2F15.0%20(Windows%20NT%2010.0%3B%20Microsoft%20Outlook%2015.0.5493%3B%20Pro).
Feb 6 08:03:17 ch-lb03.mgmt.sara notice tmm2[27093]: 01490500:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: New session from client IP 192.168.32.238 (ST=/CC=/C=) at VIP 10.1.16.1 Listener /Common/CH_Exchange2013.app/CH_Exchange2013_combined_https (Reputation=Unknown)
Feb 6 08:03:17 ch-lb03.mgmt.sara notice apmd[21687]: 01490005:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Following rule 'fallback' from item 'SSO Credential Mapping(1)' to ending 'Allow'
Feb 6 08:03:17 ch-lb03.mgmt.sara notice apmd[21687]: 01490102:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Access policy result: LTM+APM_Mode
Feb 6 08:03:17 ch-lb03.mgmt.sara notice apmd[21687]: 01490248:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Received client info - Hostname: Type: unknown Version: 0 Platform: unknown CPU: unknown UI Mode: Full Javascript Support: 0 ActiveX Support: 0 Plugin Support: 0
Feb 6 08:03:19 ch-lb03.mgmt.sara err websso.0[28699]: 014d0056:3: /Common/CH_Exchange2013.app/exch:Common:1c6ac698:Kerberos: can't get S4U2Self ticket for user TOTO@MYACTIVEDIRECTORY.DOMAIN.PARENTDOMAIN - TGT has been revoked (-1765328364)
Feb 6 08:03:19 ch-lb03.mgmt.sara err websso.0[28699]: 014d0048:3: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: failure occurred when processing the work item: Kerberos failed
Feb 6 08:06:41 ch-lb03.mgmt.sara notice tmm2[27093]: 01490502:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Session deleted due to user inactivity.
Feb 6 08:07:22 ch-lb03.mgmt.sara notice tmm2[27093]: 01490521:5: /Common/CH_Exchange2013.app/exch:Common:1c6ac698: Session statistics - bytes in: 51548, bytes out: 62098

I simply restart my machine, then it has work.

On our side, we didnt do change on BigIp, either on Office/Exchange. but we suspect a new release of Webex.