Hello Chong,
Thank you for posting in Q&A forum.
How many Domain Controllers are there in your domain? Do you see the same event ID on all the DCs in your domain?
Please check if you have an internal Windows CA server in your domain? If so, you can check if there is KDC certificate in Certificates - Local Computer\Personal store.
If you have Windows CA and there is such certificate (issued using Kerberos Authentication certificate template) on DC, you can try to request such Kerberos certificate on DC, then check if there is still this warning on DC.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.