Please also post (or email) the following information:
- KDC vendor/product/version (AD, MIT Kerberos, …?)
- Operating system of node where elasticsearch is running
- Operating system where clients are running
- /etc/krb5.conf
- How did you create the keytab
- Java vendor and version
- In case of Java 8: Have you installed Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files? Can yo try AES128 with HMAC SHA1-96 instead of AES256
- Is AES256 CTS mode with HMAC SHA1-96 supported by the KDC?