Monday, 26 August 2013

Ubuntu 12.04, Windows 2012 Active Directory Integration, Kerberos won't resolve service principals


After having checked the whole internet literally, I hope that I might get
help here.
I am trying to accomplish integration of Ubuntu 12.04 servers into a
Windows 2012 Active Directory with NFS and single sign-on.
Setup:
srv02 Windows server
srv03 Ubuntu file server
srv04 Ubuntu application server
domain: lettrich.local
realm: LETTRICH.LOCAL
What works:
Windows 2012 AD setup with DNS, NTP and DHCP
Ubuntu servers registered in AD with msktutil and getting
Kerberos tickets for users (e.g. kinit Administrator@LETTRICH.LOCAL works)
and machines (kinit -k srv03$@LETTRICH.LOCAL works),
UIDs and GIDs get resolved using Identity Management for UNIX on AD and
sssd over GSSAPI.
What does not work:
mounting an NFS share on srv04 hosted on srv03.
getting a Kerberos ticket for service principals.
e.g.
sudo kdestroy
sudo kinit -k
kinit: Client 'host/srv03.lettrich.local@LETTRICH.LOCAL' not found in Kerberos database while getting initial credentials
krb5.keytab on srv03 (analogous on srv04):
sudo klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
10 srv03$@LETTRICH.LOCAL (arcfour-hmac)
10 srv03$@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
10 srv03$@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)
10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (arcfour-hmac)
10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)
10 host/srv03.lettrich.local@LETTRICH.LOCAL (arcfour-hmac)
10 host/srv03.lettrich.local@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
10 host/srv03.lettrich.local@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)
NFS exports:
cat /etc/exports
/export gss/krb5(rw,fsid=0,no_subtree_check,sync,insecure,crossmnt,anonuid=65534,anongid=65534)
/export/users gss/krb5(rw,no_subtree_check,sync,insecure,nohide,anonuid=65534,anongid=65534)
/export/groups gss/krb5(rw,no_subtree_check,sync,insecure,nohide,anonuid=65534,anongid=65534)
/export/share gss/krb5(rw,no_subtree_check,sync,insecure,nohide,anonuid=65534,anongid=65534)
/export/backup gss/krb5(rw,no_subtree_check,sync,insecure,nohide,anonuid=65534,anongid=65534)
Mounting on srv04:
sudo mount -t nfs4 -o sec=krb5 srv03:/export /mnt
gives me the error
srv04 rpc.gssd[754]: ERROR: No credentials found for connection to server srv03
Active Directory has both srv03 and srv04 listed as domain computers with
correct service principal names (names changed accordingly).
service principal name = nfs/srv03.lettrich.local; host/srv03.lettrich.local
Where is my mistake? (and yeah, time is in sync ;-) )
Will provide further information if needed.
Thanks to all in advance who are willing to help.
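As an added example that is not part of the original post: a small POSIX sh helper that parses a "klist -ke" listing and reports whether the keytab on a Kerberized NFS host holds the three principals involved above (the computer account NAME$, host/FQDN and nfs/FQDN), how many encryption types each has keys for, and whether all entries share a single KVNO (a keytab merged across a computer-password rotation carries stale key versions). The sample listing is constructed from the srv03 output quoted in the post; the function names and the expected-principal list are my own choice. Note that a keytab entry for host/FQDN only lets the machine accept tickets for that service; whether the KDC will also issue a TGT to that name as a client is a property of the account on the KDC side, which is what the "Client ... not found" message above is about, so this check reports keytab contents, not KDC policy.

```shell
#!/bin/sh
# Keytab sanity checks for a Kerberized NFS host (added example, not from the post).

# Constructed sample: the shape of "sudo klist -ke" output, copied from the post.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
  10 srv03$@LETTRICH.LOCAL (arcfour-hmac)
  10 srv03$@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
  10 srv03$@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)
  10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (arcfour-hmac)
  10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
  10 nfs/srv03.lettrich.local@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)
  10 host/srv03.lettrich.local@LETTRICH.LOCAL (arcfour-hmac)
  10 host/srv03.lettrich.local@LETTRICH.LOCAL (aes128-cts-hmac-sha1-96)
  10 host/srv03.lettrich.local@LETTRICH.LOCAL (aes256-cts-hmac-sha1-96)'

# Distinct principals in a "klist -ke" listing read on stdin.
# Entry lines are "KVNO principal (enctype)"; headers have no '@' in field 2.
list_principals() {
    awk '$2 ~ /@/ { print $2 }' | sort -u
}

# Encryption types (one per line) the given principal has keys for.
enctypes_for() {
    awk -v p="$1" '$2 == p { gsub(/[()]/, "", $3); print $3 }'
}

# Distinct key version numbers present in the listing.
list_kvnos() {
    awk '$2 ~ /@/ { print $1 }' | sort -u
}

# check_nfs_keytab FQDN REALM  (listing on stdin)
# Prints one status line per expected principal plus a KVNO consistency
# check. Returns 0 only if every principal is present and KVNOs agree.
check_nfs_keytab() {
    fqdn=$1
    realm=$2
    short=${fqdn%%.*}          # srv03.lettrich.local -> srv03
    listing=$(cat)
    rc=0
    for p in "${short}\$@${realm}" "host/${fqdn}@${realm}" "nfs/${fqdn}@${realm}"; do
        if printf '%s\n' "$listing" | list_principals | grep -qxF -- "$p"; then
            n=$(printf '%s\n' "$listing" | enctypes_for "$p" | awk 'END { print NR }')
            echo "ok       $p ($n enctypes)"
        else
            echo "MISSING  $p"
            rc=1
        fi
    done
    kvnos=$(printf '%s\n' "$listing" | list_kvnos | awk 'END { print NR }')
    if [ "$kvnos" -ne 1 ]; then
        echo "WARNING: $kvnos different KVNOs in one keytab (stale entries after a password rotation?)"
        rc=1
    fi
    return $rc
}

# Run against the constructed sample; on a real host replace the printf with
# "sudo klist -ke".
printf '%s\n' "$SAMPLE_KLIST" | check_nfs_keytab srv03.lettrich.local LETTRICH.LOCAL
```

Running the same check with srv04.lettrich.local against the srv03 listing reports all three principals as MISSING and exits non-zero, which is the quick way to confirm that each server's keytab was generated for its own name rather than copied from another host.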
