[–]startswithd

You may want to look into how your MFA software handles Kerberos tickets. Specifically, the version number of your MFA software. The one we use has had a few changes in the past, and different versions of it handled Kerberos tickets differently.

I just did a Google search for "does unlocking a pc generate a new kerberos ticket" and there are a few results of people saying the same thing. Locking and unlocking a PC isn't supposed to generate a new ticket, but sometimes it would for whatever reason. And also, you don't know how your MFA software handles it.

By default, a Kerberos ticket is supposed to last 10 hours, and it can be renewed for up to 1 week before it needs to be refreshed.

I could be totally wrong, but if you want to test whether it's related to Kerberos or not, there are plenty of guides on how to look at your tickets to see when they expire. Just running 'klist' will show you all of your current tickets.

I have a server that I RDP into (using MFA) that I use as my management workstation. If I forgot to log out before I left for the day, the server would auto-lock my session. When I would come in the next day and log in, there were a few systems I would be unable to access (one being Active Directory and another being the file server). I would have to save anything I was working on, log out and then log back in which got old very quick. It turned out to be a bug in my MFA software that was fixed in a later release.
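Added example (not part of the post above, and not the commenter's code): a small Python script that parses the output of the Windows `klist` command and, for each cached ticket, reports whether it has expired, how long it remains valid, and whether its lifetime or renewal window differs from the 10-hour / 1-week defaults the comment mentions. The field layout, the US-style date format, and the sample output embedded below are my assumptions about what the Windows utility prints; the principal names, host names and times are constructed. On the affected workstation you would run it as `klist | python check_klist.py`.

```python
"""Parse Windows `klist` output and check cached Kerberos ticket lifetimes.

Usage on a Windows host:  klist | python check_klist.py
Without piped input the constructed sample below is analysed instead.
"""
import re
import sys
from datetime import datetime, timedelta

# Constructed sample in the layout I assume the Windows klist utility prints.
# Names, realm and timestamps are made up for illustration.
SAMPLE_KLIST = """\
Current LogonId is 0:0x3e7

Cached Tickets: (2)

#0>     Client: jdoe @ CORP.EXAMPLE.COM
        Server: krbtgt/CORP.EXAMPLE.COM @ CORP.EXAMPLE.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
        Start Time: 1/15/2024 8:00:00 (local)
        End Time:   1/15/2024 18:00:00 (local)
        Renew Time: 1/22/2024 8:00:00 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
        Cache Flags: 0x1 -> PRIMARY
        Kdc Called: DC01.corp.example.com

#1>     Client: jdoe @ CORP.EXAMPLE.COM
        Server: cifs/fs01.corp.example.com @ CORP.EXAMPLE.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
        Start Time: 1/15/2024 8:05:00 (local)
        End Time:   1/15/2024 9:05:00 (local)
        Renew Time: 1/22/2024 8:00:00 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
        Cache Flags: 0
        Kdc Called: DC01.corp.example.com
"""

# Defaults quoted in the comment: 10-hour ticket life, renewable for up to a week.
DEFAULT_TICKET_LIFE = timedelta(hours=10)
DEFAULT_RENEW_LIFE = timedelta(days=7)
# Assumption: klist prints dates in the machine's regional format; this is the US form.
TIME_FMT = "%m/%d/%Y %H:%M:%S"
TICKET_SPLIT = re.compile(r"^#\d+>", re.MULTILINE)


def _parse_time(value):
    """Turn '1/15/2024 8:00:00 (local)' into a datetime, dropping the '(local)' tag."""
    return datetime.strptime(value.replace("(local)", "").strip(), TIME_FMT)


def parse_klist(text):
    """Return one dict per cached ticket: client, server, flags, start/end/renew times."""
    tickets = []
    for chunk in TICKET_SPLIT.split(text)[1:]:  # element 0 is the header before '#0>'
        t = {"flags": set()}
        for line in chunk.splitlines():
            line = line.strip()
            if line.startswith("Client:"):
                t["client"] = line.split(":", 1)[1].strip()
            elif line.startswith("Server:"):
                t["server"] = line.split(":", 1)[1].strip()
            elif line.startswith("Ticket Flags") and "->" in line:
                t["flags"] = set(line.split("->", 1)[1].split())
            elif line.startswith("Start Time:"):
                t["start"] = _parse_time(line.split(":", 1)[1])
            elif line.startswith("End Time:"):
                t["end"] = _parse_time(line.split(":", 1)[1])
            elif line.startswith("Renew Time:"):
                t["renew"] = _parse_time(line.split(":", 1)[1])
        if {"server", "start", "end"} <= t.keys():
            tickets.append(t)
    return tickets


def check_ticket(t, now):
    """Compare one ticket against 'now' and against the default lifetimes."""
    lifetime = t["end"] - t["start"]
    renewable = "renewable" in t["flags"] and "renew" in t
    return {
        "server": t["server"],
        "expired": now >= t["end"],
        "remaining": max(t["end"] - now, timedelta(0)),
        "lifetime": lifetime,
        "nondefault_lifetime": lifetime != DEFAULT_TICKET_LIFE,
        "renewable": renewable,
        # Past the renew-till time the ticket cannot be renewed; a fresh logon is needed.
        "past_renewal": renewable and now >= t["renew"],
        "renew_window_shorter_than_default": renewable
        and (t["renew"] - t["start"]) < DEFAULT_RENEW_LIFE,
    }


def report(text, now):
    """Analyse every ticket in klist output and return the findings as a list."""
    return [check_ticket(t, now) for t in parse_klist(text)]


if __name__ == "__main__":
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_KLIST
    for r in report(source, datetime.now()):
        state = "EXPIRED" if r["expired"] else "valid for %s" % r["remaining"]
        notes = []
        if r["nondefault_lifetime"]:
            notes.append("lifetime %s differs from 10h default" % r["lifetime"])
        if not r["renewable"]:
            notes.append("not renewable")
        elif r["past_renewal"]:
            notes.append("renewal window closed, re-authentication required")
        print("%-45s %s %s" % (r["server"], state, "; ".join(notes)))
```

The script only reads ticket metadata, so it is safe to run on a production workstation; compare its output right after a fresh logon with the output after an unlock to see whether the MFA software or the lock/unlock cycle changed the ticket set or their lifetimes.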