Windows 2008 server on 2003 Domain failing Kerberos pre-auth


0x19 corresponds to 19 in hex notation, which is 25 in decimal: "Additional pre-authentication required"


Author: sh-beta

Updated on September 17, 2022

Comments

  • sh-beta
    sh-beta over 1 year

    I've recently added a few Windows 2008 servers to my Windows 2003 domain. Now my domain controllers are periodically posting Security event ID 675 for the Windows 2008 boxes (only and all of the Win2k8 boxes):

    Pre-authentication failed:
        User Name:  MY2008SERVER$
        User ID:        MYDOMAIN\MY2008SERVER$
        Service Name:   krbtgt/MYDOMAIN.LOCAL
        Pre-Authentication Type:    0x0
        Failure Code:   0x19
        Client Address: 10.2.1.32
    

    According to Microsoft, that failure code means "Additional pre-auth required." As nedm noted, the actual RFC says 0x19 means "Server credentials revoked." Logon auditing yielded no useful information. Time is properly synced.

    I've found a number of similar reports on the web and the only answer I've seen so far is to set the "Don't require Kerberos pre-auth flag" via ADSIEdit.

    This is fine as a workaround, but I don't want to have to do this for every 2008 server I deploy. Any idea where this is coming from? How to fix it for real?

  • sh-beta
    sh-beta over 14 years
    Added a link to MS's site where they label 0x19 as additional pre-auth required. Interesting discrepancy, though. Time is correctly configured on these boxes. I'll test removing/rejoining them to the domain, but given that it's happening with ALL my 2008 boxes that's an unlikely fix.
  • sh-beta
    sh-beta over 14 years
    Bear in mind that these errors are logged by my domain controller's auditing policies - I hear about it when my 2003 boxes fail Kerberos auth. Time is configured properly.
  • sh-beta
    sh-beta over 14 years
    Good catch. I'd upvote this as a comment, but not as an answer.
  • sh-beta
    sh-beta over 14 years
    See David's explanation above - decimal vs hex.
  • sh-beta
    sh-beta over 14 years
    Good idea, but they're all unique.
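
The hex-versus-decimal reading of the failure code discussed in this thread, as an added example that is not part of the original posts: the script parses the event 675 text quoted in the question and decodes `Failure Code` against a partial copy of the RFC 4120 error table. The function names are illustrative assumptions.

```python
import re

# Partial copy of the RFC 4120 error table, keyed by decimal value.
KRB_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    18: "KDC_ERR_CLIENT_REVOKED",
    19: "KDC_ERR_SERVICE_REVOKED",
    24: "KDC_ERR_PREAUTH_FAILED",
    25: "KDC_ERR_PREAUTH_REQUIRED",
    37: "KRB_AP_ERR_SKEW",
}

# Matches the "Name:   value" lines of the event description.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?):\s+(\S.*?)\s*$")

# Event 675 text as posted in the question above.
SAMPLE = r"""Pre-authentication failed:
    User Name:  MY2008SERVER$
    User ID:        MYDOMAIN\MY2008SERVER$
    Service Name:   krbtgt/MYDOMAIN.LOCAL
    Pre-Authentication Type:    0x0
    Failure Code:   0x19
    Client Address: 10.2.1.32
"""

def parse_event_675(text):
    """Return the 'Name: value' fields of an event 675 description."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def decode_failure_code(raw):
    """Decode a 0x-prefixed Failure Code; note what a decimal misreading gives."""
    value = int(raw, 16)
    decoded = {"decimal": value, "name": KRB_ERRORS.get(value, "UNKNOWN")}
    digits = raw.lower().removeprefix("0x")
    # "0x19" read as decimal 19 lands on a different RFC 4120 entry.
    if digits.isdigit() and int(digits) != value:
        decoded["misread_as_decimal"] = KRB_ERRORS.get(int(digits), "UNKNOWN")
    return decoded

def triage(text):
    """Combine the parsed fields with the decoded failure code."""
    f = parse_event_675(text)
    return {**decode_failure_code(f["Failure Code"]), "account": f["User Name"],
            "machine_account": f["User Name"].endswith("$"),
            "client": f["Client Address"]}
```
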