I would like to get some help to troubleshoot WHfB PIN authentication and Kerberos.

I have deployed WHfB with Key trust model in our environment.  It is working as supposed and I have configured two Windows 10 machines with WHfb PIN:

machine 1:  Windows 10 enterprise (2004) laptop , Hybrid joined.

machine 2: a virtual machine running on machine1, Windows 10 enterprise (20H2) with bridged network, AAD joined. 

I can login into both machine with PIN, in office and in home.

Problem: when I am in office and connected to on-premises network with wire,

machine 1: I can login with my AD credential or the PIN, after login, I can see shared disks. 

klist shows Kerberos tickets.

Machine 2: 

If I login with AD credential ( UPN and password), klist shows one ticket after login, and I can access shares.

If I login with PIN, klist show 0 ticket, and I can't access share ( when I tried, it popup login window and ask to login with pin, then it failed again and claim I don't have permission ).

nltest /sc_query:mycompany.local
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

I think PIN should also grant me access to Kerberos for AAD joined machines, not sure where to start look at.

our DC environment:

2 old Windows 2012R2 DC.

2 new Windows 2019 DC.

klist

Current LogonId is 0:0x1ceb8a

Cached Tickets: (0)

nltest /sc_query:mycompany.local
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE