Error "The encryption type requested is not supported by the KDC" when changing passwords on Accounts migrated with ADMT

Bocar FOFANA 1 Reputation point


I am doing a cross domain migration from Active Directory 2008 R2 to 2016. I used ADMT and PES for the migration of accounts and passwords.

This while the migrated users can't change their password after migration. They have the error: "The requested encryption type is not supported by the Kerberos domain controller". See screenshot below:


Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,563 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,186 Reputation points

    Hi @Bocar FOFANA

    This behavior occurs because of a conflict between the custom local policy or group policy and the service account's properties in Active Directory.

    When you configure the property setting Network Security: Configure encryption types allowed for Kerberos so that the server only supports AES encryption types and future encryption types, the server won't support older Kerberos encryption types in Kerberos tickets

    You can use this article to find out the resolution for this error.

    SharePoint server configuration requirements to support Kerberos AES encryption if errors occur

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments