Event ID 4625 NULL SID

Hi Guys, 

We've recently upgraded a 2003 domain to an 2008 R2 domain, we've also raised the Forest from 2000 to 2008 R2

This has caused part of our accounting software to play up, the software installed on client machines throw up an error which is logged on the accounting software server with Event ID 4625:
----------------------------------

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/05/2013 09:58:48
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      V1DB.worth.local
Description:
An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain:-
Logon ID: 0x0

Logon Type:3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: betty
Account Domain:WORTH

Failure Information:
Failure Reason:An Error occured during Logon.
Status: 0xc00002ee
Sub Status: 0x0

Process Information:
Caller Process ID:0x0
Caller Process Name:-

Network Information:
Workstation Name:-
Source Network Address:-
Source Port: -

Detailed Authentication Information:
Logon Process:Kerberos
Authentication Package:Kerberos
Transited Services:-
Package Name (NTLM only):-
Key Length: 0
------------------------------------------
I can still browse to the share with the UNC path from the client machine

We also get  unusual events on the client machine Event ID 40961 and Event ID 10009:
--------------------------------

Event Type:Warning
Event Source:LSASRV
Event Category:SPNEGO (Negotiator) 
Event ID:40961
Date:10/05/2013
Time:08:25:19
User:N/A
Computer:POP
Description:
The Security System could not establish a secured connection with the server ldap/DC01.worth.local/worth.local@worth.local.  No authentication protocol was available.

----------------------------------------------
Event Type:Error
Event Source:DCOM
Event Category:None
Event ID:10009
Date:10/05/2013
Time:08:43:07
User:WORTH\vone
Computer:POP
Description:
DCOM was unable to communicate with the computer v1db.worth using any of the configured protocols.
--------------------

I was wondering if anyone could point me in the right direction of what changes in the raising of domain/forest levels would of caused this
Is it something to do with it trying to connect to v1db.worth instead of v1db.worth.local ? 
(The accounting software company are suggesting we pay to upgrade to their latest version but cannot guarantee this will fix the issue)

Thanks in advance