ADCA and Kerberos?
Hi!
I was following this guide to mitigate the PetitPotam issue.
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
But under additional mitigation it says the following:
Disable NTLM for Internet Information Services (IIS) on AD CS Servers in your domain running the "Certificate Authority Web Enrollment" or "Certificate Enrollment Web Service" services.
To do so open IIS Manager UI, set Windows authentication to Negotiate:Kerberos:
If I do that, the IIS Manager gives an error: "kernel mode authentication cannot be used with negotiable 2 providers". So it seems that enabling kernel mode authentication stops the option to have Negotiate Kerberos?
Info:
Server 2012 R2