Saturday 28 November 2015

Security-Kerberos Event ID 4

Hi guys, had a recent issue at a site where we couldn't access the root domain via the FQDN path. Accessing SYSVOL, NETLOGON and DFS shares was okay though.

Here's the message you get in Event Viewer when it errors:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server <ComputerName>$. The target name used was cifs/<DomainName>. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using.

This error message would occur on any domain-joined computer.

To fix this, find an account which may have the SPN ‘host/<DomainName>’. This was our case, as it was populated on our ADFS service account (not sure if this was manually added or added automatically during the ADFS setup). Removing it resolved the problem and we were able to browse to the root domain again.
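
One way to carry out the search described above, as an added example that is not part of the original post: it uses the ActiveDirectory PowerShell module to list every account holding host/<DomainName> or cifs/<DomainName>. The function name Find-DomainNameSpn and the domain-controller flag are assumptions of this example, and the removal runs with -WhatIf so nothing changes until each hit has been reviewed.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT)
# and an account that can read servicePrincipalName in the domain.
Import-Module ActiveDirectory

function Find-DomainNameSpn {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # The <DomainName> from the event text; defaults to the current domain's DNS name.
        [string]$DomainName = (Get-ADDomain).DNSRoot,
        # "host" is a built-in alias that also covers "cifs", so a host/<DomainName>
        # SPN on the wrong account is used for cifs/<DomainName> requests. Check both.
        [string[]]$ServiceClass = @('host', 'cifs')
    )
    foreach ($class in $ServiceClass) {
        $spn = "$class/$DomainName"
        Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties userAccountControl |
            ForEach-Object {
                [pscustomobject]@{
                    Spn                = $spn
                    Account            = $_.Name
                    ObjectClass        = $_.ObjectClass
                    # 0x2000 = SERVER_TRUST_ACCOUNT, set on domain controller computer accounts
                    IsDomainController = [bool]($_.userAccountControl -band 0x2000)
                    DistinguishedName  = $_.DistinguishedName
                }
            }
    }
}

# List every holder of the domain-name SPNs.
$hits = @(Find-DomainNameSpn)
$hits | Format-Table Spn, Account, ObjectClass, IsDomainController -AutoSize

# Preview removing the SPN from holders that are not domain controllers
# (assumption of this example: such a holder is the stray registration, as the
# ADFS service account was in the post). Drop -WhatIf only after checking each hit.
foreach ($hit in $hits | Where-Object { -not $_.IsDomainController }) {
    Set-ADObject -Identity $hit.DistinguishedName `
                 -Remove @{ servicePrincipalName = $hit.Spn } -WhatIf
}
```

Running `setspn -Q host/<DomainName>` from a command prompt answers the same question for a single SPN.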

Hope that helps!

-A