Its amazing what looking at the correct entry in the manual can do for someone.
This is now fixed, I'd implemented the AD/Kerberos blappserv_login.conf in error.
The correct file should have been:
Notice the first line :-)
This error usually comes if we don't re-start application server services after running "set AuthSvc IsDomainAuthEnabled true" blasadmin command.
Please ensure "blappserv_login.conf & blappserv_krb5.conf" files exists with same "exact" names in "br" directory and have enough permissions and ownerships....