GalNeb,
Same environment and same issue. The fix was a combination of things:
The AD accounts for both your 2016 jumpboxes, your vCenter and PSC must be set to allow for Kerberos authentication encryption in AD. This is also required for your service/user accounts. The user accounts are easy to do. All you have to do for them is open up the account properties and click on the account tab. In the Account options scroll down and click the boxes for "This account supports Kerberos AES 128bit encryption." and "This account supports Kerberos AES 256 bit encryption." That's it for the users. The AD accounts need to be done with powershell Below is the check script and the fix script:
Check:
Get-ADComputer -filter * -SearchBase "OU="your OU",DC="Your domain path"" -Properties msDS-SupportedEncryptionTypes,KerberosEncryptionType | select Name,msDS-SupportedEncryption TypesKerberosEncryptionType | sort msDS-SupportedEncryptionTypes | FT
The output will list the computer objects in your OU and their Kerberos Encryption type. When you create a computer account manually this creates a blank value in this field so you have to run the bottom command to set them to AES 128 and AES 256
Set-ADComputer -Identity "YourComputerName" -Replace @{"msDS-SupportedEncryptionTypes"="24"}
I'm sure LucD could come up with a script for multiple systems. If you set the above value to "28" then that will forcefully include AES128, AES 256 and RC4. "24 is just the AES 128 and 256.
You need to make sure you make this change to the jumpbox and the vCenter and PSC appliance AD computer accounts.
Hope this helps. It was the fix for our stuff.