Kerberos Configured, but occasionally users login using NTLM

I have configured all of my MOSS2007 websites to use kerberos, and this seems
to be working OK most of the time. The problem that I am encountering is that
occasionally, and seemingly at random, a user will be logged in using NTLM (I
can see this in the event log).

This is causing problems with a couple of my applications (eg reporting
services), which rely on the credentials being passed from my sharepoint
server to a second server.

The problem appears intermittently, and seems to happen for all users. So I
may have USERA showing in the security log as using Kerberos for all of their
logins, and then all of a sudden they will get an NTLM login entry.

Does anyone have any ideas on why this happens and how to stop it from
Is there a way of forcing websites to only use Kerberos, rather than failing
over to NTLM?

Thanks in advance for any assistance. If you need any further information,
please let me know.

PS. My domain is native 2003, client machines are Vista/XP running IE7