Hello
Enabling the options “this account supports Kerberos AES 128 bit encryption” and “this account supports Kerberos AES 256 bit encryption” in the account tab of the ADFS service account in Active Directory could potentially change the encryption type used by the service account.
If Single Sign-On (SSO) encounters issues after setting these two options, unchecking them might help to get things working again. However, this would depend on the specific issues encountered and the overall configuration of your system.
Checking those options could mean that the service account will use AES encryption, even if the application (like ADFS 2012 R2) may not support AES. Unchecking it could potentially revert it to use the RC4, given that RC4_HMAC_SHA1 is set in the msds-supportedEncryptionTypes.