Error: UPGRADE FAILED: the server has asked for the client to provide credentials (get configmaps)

We have a couple of Rancher 2.3.5 clusters that have been running fine for quite some time.
Last week the authentication backend was changed from ADFS to AD.

Since this change we do experience problems with upgrades of workloads from before the change.
New deployments go without problems.

When an update is done the error message Error: UPGRADE FAILED: the server has asked for the client to provide credentials (get configmaps) appears. Given that the authentication backend has changed and that the error message is about authentication it seems that something is off with RBAC.

On the server we run helm 2.16.1 which should have fixes for similar issues.

Did we mis a step when changing the backend? Do we need to make modifications to the RBAC for Tiller? If so, which ones?

At the moment the only way to deploy the apps is to remove the app completely and then redeploy. Once this is done updates go fine again, but this not something we would like to do in our production environment.

Any help is appreciated

Thanks in advance,

Marco