Mapped SMB share stops working after reboot or end of day for AAD joined Win11 24H2 to on-prem servers

We have an issue with current Windows 24H2 machines trying to keep mapped network drive to on-prem files server alive.
Auth to fileserver should be with kerberos.

Devices in environment are a mix of legacy win10 / domain joined (all working fine) - GPO maps drive, connection reliable.

Some of the newer Win11 machines which came with win10 or earlier version of 11 and upgraded to win11 24H2 and have only ever been Entra Joined/AADJ.(never domain joined) can use kerberos to auth and map the smb share, connection remains reliable. persists after reboots / extended uptime for system etc.

Problem is with net new PCs which shipped with win11 24H2. (Windows 11 Professional Edition (Build 26100) (64-bit) Release ID 24H2)

We're having issues with mapped SMB share maintaining connection to fileserver.
It will stop working after reboot, or towards the end of the day.

Domain controller and fileserver OSes are in need of upgrades. Both currently running server 2016
DC - Windows Server 2016 Standard Edition (Build 14393)
File Server - Windows Server 2016 Standard Edition (Build 14393)

Line of sight to server from affected PCs is good.
DNS from affected PC resolves correctly.
When connection appears broken, mapped drive has red x over icon, and unable to reconnect.
Running klist on affected device usually returns no result.
Manually running klist get tgt will sometimes work,
or just running klist get cifs/fs.example.com to obtain cifs ticket for fileserver can work.
Have also seen the following error returned:

PS C:\Windows\system32> klist get tgt

Current LogonId is 0:0x11c4f0

Error calling API LsaCallAuthenticationPackage (GetTicket substatus): 0x6fb

klist failed with 0xc000018b/-1073741429: The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.

Running the following commands against affected PC seemed to have improved the situation at the potential detriment of connection security.
Set-SmbClientConfiguration -RequireSecuritySignature $false -Force

Set-SmbClientConfiguration -EnableInsecureGuestLogons $true -Force

Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -All

Any guidance or suggestions welcome