![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 67%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,913 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Russell Ang
Following to value in registry key DES seems enabled in the oprating system of ADFS server.
In other hand ,the supported encryption for kerberos can be controled by the attribute MS-DS-SupportedEncryptionTypes in computer object and service account where you set the SPN for you ADFS service. It can be also managed by GPO.
It's recommended to force AES encryption instead of DES and RC4. You should start to disable them on computer client and servers before domain controllers.
For more details , I invite you to read the following article: Decrypting the Selection of Supported Kerberos Encryption Types
Please don't forget to mark helpful answer as accepted