APM retain the kerberos ticket that you already played and fallback to a 401 prompt as it doesn't allow to replay the same kerberos token multiple times. You have to clear your Authentication cache on the Browser side. We workaround this behavior by injecting a javascript code within the response to the client. Here is an example of javascript function that work : void(document.execCommand('ClearAuthenticationCache').
The issue is that Internet Explorer send the same kerberos token every time until you close your browser or remove the cache. And APM doesn't support it...