You are right. Unfortunately, kerberos in this condition doesn't work out of the box.
First of all, you have to say to Windows allow send kerbetos tickets over a port non-80, and in order to do it, you must create these two registries entries (32bits and 64bits): http://support.microsoft.com/kb/908209
Beside this configuration, also you must make sure that in your IE, you have your suffix DNS in Intranet Zone (Internet Options -> Security -> Local Intranet -> Sites), e.g. intel.com and also, in "Custom Level..." you must have this option checked:
I should be able to connect to you vPro machine using kerberos from IE in order to make sure that it's working, just pointing your IE to vPro machine, e.g. http://vpromachine.intel.com:16992 or https://vpromachine.intel.com:16993
My two cents!