Check out this Microsoft KB article.
If you are seeing Kerberos errors in your event log (add LogLevel DWORD value 1 in the same place to enable logging) this is your fix.
If you are seeing Error Code: 0x34 KRB_ERR_RESPONSE_TOO_BIG this is your fix too.
I was seeing this error mostly on my Sharepoint and OCS servers.
I made an enterprise wide group policy to set this using PolicyMaker. PolicyMaker is great except it does not appear to work on x64 boxes. Those I had to do manually.
This should also allow Kerberos to work over a VPN connection now too!