Follow up: I was able to solve this without a new certificate. I found the primary CA certificate for the machine and edited the trust settings to Always Trust for Kerberos client and server. No more errors in the log.
Open Utilities: Keychain Access
Select the System keychain, select Category Certificates.
Here you need to identify the Certificate Authority that best applies to your computer. If you don't know, you'll need to ask. Do a File->Get Info on the CA. Open the trust settings by clicking the triangle next to Trust. Scroll down until you see Kerberos Server and Kerberos Client. Change the trust settings from the pop-up menus to Always Trust.
That's it. If that is the relevant CA, the KDC error messages will go away.