Troubleshooting -
We used wireshark, procmon , Dependency checker and log files (for sure) as we moved forward each step.
1. Initial errors were rectified by moving some "Missing DLLs" with SSO 12.6 based on this tech note - Policy Server crashes when initializing the Kerberos Authentication
2. Error that gave us hard time was "Authentication scheme initialization error" - Setting was verified to be accurate, but still when we hit the flow from the workstation browser, we ended up getting up the . Verified each of component for the tickets and what we found was PS was somehow not responding as it should be and ended up with this error.
Tool set mentioned above gave us hints that it was not responding to kerberos requests as it should be, but they did not actually point at what the problem was.
And special mention goes to Brian Dyson/ team who actually figured out the setting that was missing in the setup, which was setting "default_ccache_name" in the kerberos configuration file. This is outside the SSO settings. This parameter (& values) is generally not included because we assume windows to handle this with default locations (or add it only if we have a custom cache file location). Adding this setting did the work for us and kerberos worked like a charm. This setting is particular with new windows servers, we were on windows 2012 R2 for Policy server in this case.
I will try to post another note with additional details for team to refer to. I would recommend folks working on new windows and kerberos to keep this setting in mind while making the configuration.
Thanks
Mukund/-