For a while, Microsoft’s KnowledgeBase article 976424, titled Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN", has been available to solve issues with unexpected behavior after authoritatively restoring the krbtg account on Windows Server 2008 and Windows Server 2008 R2-based Domain Controllers.
The KnowledgeBase article doesn’t state this KnowledgeBase applies to Windows Server 2012. This is true, but it does affect Windows Server 2012.
Robert Smit, a Dutch Microsoft MVP on Fail-over Clustering and my friend, pointed out to me you need to have this hotfix applied to all Domain Controllers running Windows Server 2008 and Windows Server 2008 R2 to be able to add Windows Server 2012-based fail-over clusters to the domain.
These days, most fail-over clusters are deployed to provide a robust, scalable and highly-available virtualization platform using Hyper-V. If you plan a Windows Server 2012-based Fail-over Cluster in your environment running Windows Server 2008 or Windows Server 2008 R2-based Domain Controllers, apply this hotfix during the next service window.
Note:
Domain Controllers need to restart to apply this hotfix.
In this series
Active Directory in Hyper-V environments, Part 1
Active Directory in Hyper-V environments, Part 2
Active Directory in Hyper-V environments, Part 3
Active Directory in Hyper-V environments, Part 4
Active Directory in Hyper-V environments, Part 5
Active Directory in Hyper-V environments, Part 6
Related KnowledgeBase articles
Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN"
The kpasswd protocol fails with a KDC_ERR_S_PRINCIPAL_UNKNOWN error after you perform an authoritative restore on the krbtgt account in a Windows Server 2008 domain
Further reading
The System Center Connector Robert Smit Cluster MVP