I just ran into a weird problem from my custom webpart in the SharePoint 2010 environment, but couldn't figure out for 2 days. The web app is configured to do Kerberos and I can see the Kerberos token in the server Security event viewer when user logs in to the portal. However, the function "AFObject.FindObject(AFObjectPath)" only returns the AF object when the path is pointing to our production AF, but returns NULL if the path is to our test/development AF server. And if I fired the PISystem.connect() to connect to the AF by using the default credential, I would receive the "The socket connection was aborted" error. It seems it just cannot use the login user's credential to connect to AF and retrieve the AF object from test/dev AF server.
To my best knowledge, all the version and configuration are consistent across the AF servers, and I also made sure the AF elements used here all have proper security configured for the login user.
Any thoughts why would the Kerberos works for one AF server, but not the others?