...
Generating this ticked involves contacting the Active Directory server to login with the user and obtain a ticket, then the AD server is asked to create a ticket containing the client credentials, encrypted with the servers credentials of the server. This involves at least 2 roundtrips to the AD server for every request. Because of replay attack defense the defence the tickets cannot be reused but need to be created for each request.
...