About the author

Jason Huitt is on the Windows Group with Academic Computing and Networking Services at Colorado State University.

      Disclaimer

      The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

      © Copyright 2008-2010

      Server 2008 and Duplicate Server Names

      We have recently come across an issue with Server 2008.  The problem came to light when a 2008 DC was brought up with the same computer name as an existing server elsewhere in the forest.  The 2008 server began throwing the following error to the System Log:

       

      Source: Kerberos    Event ID: 11

      The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is cifs/SERVERNAME (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent this from occurring remove the duplicate entries for cifs/SERVERNAME in Active Directory.

       

      Microsoft has information about discovering duplicate Service Principal Names in KB321044; however, the recommended steps may not necessarily reveal the duplicate SPN.  A better explanation for this problem is located here: http://blog.joeware.net/2008/07/17/1407/

       

      The short story is as follows.  It appears that Server 2008 is less tolerant of server names that are duplicated in other locations within the forest.  This is a known issue with WINS dating back to Windows 2000 Server, but it appears to cause problems on Server 2008 regardless of whether WINS is in use.  The problem is caused by some services (apparently both on the client and server) still using NetBIOS names to query Active Directory to find a resource, which yields multiple results when two or more servers have the same NetBIOS name.  The solution to the problem is to ensure that every server (and domain-joined workstation) has a unique name within the forest.

       

      A server experiencing these symptoms may be unable to authenticate logins, as Kerberos in this state is “broken”.  You may also notice Group Policy replication failure events being logged.  We also saw workstations that would attempt to log in to the domain for upwards of 30 minutes.  Rebooting the DCs appeared to provide temporary relief (on the order of 10-15 minutes), but shortly thereafter the above conditions would return.

      We recommend renaming any server in a domain that has a name conflict with another server in the forest, especially before rolling out Server 2008 in your environment.
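
The check implied by the recommendation above, as an added example that is not from the original post: it reports computer names and SPNs that occur on more than one account. The function name, the sample records and the `example.test` forest are constructed for illustration; the commented live query assumes the ActiveDirectory module and a reachable global catalog.

```powershell
# Added example, not from the original post; runs offline on plain objects.
function Find-ForestNameCollision {
    param([Parameter(Mandatory = $true)] [object[]] $Computer)
    # 1. Same computer name (the object's Name attribute) on more than one object.
    $Computer | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object psobject -Property @{
                Kind = 'ComputerName'; Value = $_.Name
                Accounts = @($_.Group | ForEach-Object { $_.DistinguishedName })
            }
        }

    # 2. Same SPN on more than one account. cifs is an alias of HOST in the
    #    default sPNMappings, so a duplicate HOST/NAME is what the KDC reports
    #    as a duplicate cifs/NAME in Event ID 11.
    $bySpn = @{}
    foreach ($c in $Computer) {
        foreach ($spn in @($c.ServicePrincipalName)) {
            if (-not $spn) { continue }            # account without SPNs
            $key = $spn.ToLowerInvariant()         # SPN matching ignores case
            if (-not $bySpn.ContainsKey($key)) { $bySpn[$key] = @() }
            $bySpn[$key] += $c.DistinguishedName
        }
    }
    foreach ($key in $bySpn.Keys) {
        $owners = @($bySpn[$key] | Sort-Object -Unique)
        if ($owners.Count -gt 1) {
            New-Object psobject -Property @{ Kind = 'SPN'; Value = $key; Accounts = $owners }
        }
    }
}

# Constructed sample: FILE01 exists in two domains of a made-up forest.
$sample = @(
    (New-Object psobject -Property @{ Name = 'FILE01'
        DistinguishedName = 'CN=FILE01,OU=Servers,DC=a,DC=example,DC=test'
        ServicePrincipalName = @('HOST/FILE01', 'HOST/file01.a.example.test') }),
    (New-Object psobject -Property @{ Name = 'file01'
        DistinguishedName = 'CN=file01,CN=Computers,DC=b,DC=example,DC=test'
        ServicePrincipalName = @('HOST/file01', 'HOST/file01.b.example.test') }),
    (New-Object psobject -Property @{ Name = 'DC01'
        DistinguishedName = 'CN=DC01,OU=Domain Controllers,DC=a,DC=example,DC=test'
        ServicePrincipalName = @('HOST/DC01', 'HOST/dc01.a.example.test') })
)
Find-ForestNameCollision -Computer $sample | Format-List Kind, Value, Accounts
# Live forest (assumes the ActiveDirectory module and a reachable global catalog):
# $gc = (Get-ADForest).GlobalCatalogs[0]
# Find-ForestNameCollision (Get-ADComputer -Filter * -Server "${gc}:3268" -Properties servicePrincipalName)
```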

      Posted by Jason on Tuesday, July 29, 2008 10:33 AM