This is a known limitation with "Protected Users" AD group. It disables the use of NTLM and caching is no longer available.
See Microsoft KB article which details how the "Protected Users" AD group works. It also contains the following warning:
1.- Refer ARS Doc to configure the Administration Service to support Kerberos authentication:
2.- Enable Kerberos authentication.
3.- Connect to the ARS service by using the ARS Service FQDN as this will not work if ‘localhost’ is used:
Note: The ARS Admin has to be a local administrator: