OS X Server Kerberos KDC / LKDC local user id
Hello support community folks. I am looking for information and assistance on Kerberos KDC support under OS X Server. Have searched high and low but am apparently missing a basic concept on the relationship of the LKDC and Server KDC when it comes to local user accounts and integration into Kerberos services.
Have configured a new environment recently and have XSAN, OD Master and OD Replication working across two servers with 5 OS X clients of various flavors. The servers are both running on OS X El Capitan. The client machines are bound to the OD for login and appear to authenticate fine. In the Kerberos TGT area of things, I can create and display Kerberos tickets for all (network type) authenticated user IDs from each of the clients and each of the two servers.
I cannot however kinit a ticket for the local admin user id. I receive an error "kinit: krb5_get_init_creds: Client (tdc1@MYSERVER1.XXX.NET) unknown".
klist -A displays the following cached ticket for the local user id (tdc1):
***
Credentials cache: API:72EE7066-BDC5-4996-B53C-5ECE43580819
Principal: tdc1@MYSERVER1.XXX.NET
Issued Expires Principal
***
Ticket viewer shows an expired ticket for the (tdc1) id.
I also have an annoying, frequently repeated error flooding the logs on the master OS X Server:
May 30 13:49:32 myserver1kdc:AS-REQ tdc1@MYSERVER1.XXX.NET from 127.0.0.1:50156 for krbtgt/MYSERVER1.XXX.NET@MYSERVER1.XXX.NET
May 30 13:49:33 myserver1kdc:UNKNOWN -- tdc1@MYSERVER1.XXX.NET: no such entry found in hdb
MYSERVER1.XXX.NET is the configured REALM.
The USER ID referenced is the local admin user id on the OS X server hosting the XSAN / OD / KDC / etc.
I am thinking this may have something to do with the relationship (or lack thereof) between the local KDC and Server KDC? But I cannot seem to figure out how to link and/or synchronize the two? Am I missing a step or something in the configuration?
If I try and add this USER ID (tdc1) through the Server App as a network type USER ID (so it would be found in the hdb) I get a message stating the ID must be unique. I have tried to rebuild the OD in hopes that it would know how to handle and address local user IDs when creating the OD, LDAP and Kerberos hdbs, but in the end it still seems to produce the same results after rebuilds (in that no tickets can be produced for the local admin user id and the repeated log error messages as stated above).
I assume the local admin user id should be able to acquire and use tickets on the same server that is hosting these services (like all of the other network user IDs can), correct? Or is the original local admin ID that was used to build the environment somehow excluded from the Kerberos services by design? And if so, what's with the repeated error in the logs about the local ID not being found in the hdb?
Any insight or tips to steer me in the right direction to correct this is greatly appreciated.
Xserve, OS X El Capitan (10.11.6), OS X Server
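An added example, not part of the post or of Apple's tools: a small Python filter over constructed log lines in the format of the KDC entries quoted above. It attributes each "no such entry found in hdb" failure to the client address of the preceding AS-REQ for the same principal, so a repeated failure can be traced to the host (here loopback, i.e. a process on the server itself) that keeps requesting it. Hostname, realm and user are placeholders taken from the post, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the Heimdal KDC log quoted in the post.
# The post shows "myserver1kdc:AS-REQ" with the spaces collapsed; the patterns below
# tolerate either form.
SAMPLE_LOG = """\
May 30 13:49:32 myserver1 kdc: AS-REQ tdc1@MYSERVER1.XXX.NET from 127.0.0.1:50156 for krbtgt/MYSERVER1.XXX.NET@MYSERVER1.XXX.NET
May 30 13:49:33 myserver1 kdc: UNKNOWN -- tdc1@MYSERVER1.XXX.NET: no such entry found in hdb
May 30 13:50:02 myserver1 kdc: AS-REQ netuser@MYSERVER1.XXX.NET from 10.0.0.5:49212 for krbtgt/MYSERVER1.XXX.NET@MYSERVER1.XXX.NET
May 30 13:50:02 myserver1kdc:AS-REQ tdc1@MYSERVER1.XXX.NET from 127.0.0.1:50157 for krbtgt/MYSERVER1.XXX.NET@MYSERVER1.XXX.NET
May 30 13:50:03 myserver1kdc:UNKNOWN -- tdc1@MYSERVER1.XXX.NET: no such entry found in hdb
"""

AS_REQ = re.compile(r"kdc:\s*AS-REQ (?P<princ>\S+) from (?P<addr>[\d.]+):\d+ for krbtgt/")
UNKNOWN = re.compile(r"kdc:\s*UNKNOWN -- (?P<princ>\S+): no such entry found in hdb")


def unknown_principal_failures(log_text):
    """Return {(principal, client_ip): count} for AS-REQs the KDC answered with
    'no such entry found in hdb'. The UNKNOWN line carries no address, so each
    failure is paired with the most recent AS-REQ seen for that principal."""
    last_client = {}
    failures = Counter()
    for line in log_text.splitlines():
        m = AS_REQ.search(line)
        if m:
            last_client[m["princ"]] = m["addr"]
            continue
        m = UNKNOWN.search(line)
        if m:
            failures[(m["princ"], last_client.get(m["princ"], "?"))] += 1
    return dict(failures)


def noisy_principals(failures, threshold=2):
    """Principals whose unknown-entry failures (summed over clients) reach threshold."""
    per_princ = Counter()
    for (princ, _addr), n in failures.items():
        per_princ[princ] += n
    return sorted(p for p, n in per_princ.items() if n >= threshold)


if __name__ == "__main__":
    found = unknown_principal_failures(SAMPLE_LOG)
    for (princ, addr), n in found.items():
        print(f"{princ} from {addr}: {n} unknown-principal AS-REQ(s)")
    print("repeated:", noisy_principals(found))
```

Run against the real log with `unknown_principal_failures(open("/var/log/krb5kdc/kdc.log").read())`, adjusting the path to wherever the server writes its KDC log.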