Error "The encryption type requested is not supported by the KDC" when changing passwords on Accounts migrated with ADMT

Bocar FOFANA 1 Reputation point
2021-12-07T10:37:50.387+00:00

Hello,

I am doing a cross domain migration from Active Directory 2008 R2 to 2016. I used ADMT and PES for the migration of accounts and passwords.

This while the migrated users can't change their password after migration. They have the error: "The requested encryption type is not supported by the Kerberos domain controller". See screenshot below:

155619-image-2021-12-01t13-45-37-483z.png

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,229 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,511 Reputation points
    2021-12-08T19:23:58.047+00:00

    Hi @Bocar FOFANA

    This behavior occurs because of a conflict between the custom local policy or group policy and the service account's properties in Active Directory.

    When you configure the property setting Network Security: Configure encryption types allowed for Kerberos so that the server only supports AES encryption types and future encryption types, the server won't support older Kerberos encryption types in Kerberos tickets

    You can use this article to find out the resolution for this error.

    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/sccm-quot-the-encryption-type-requested-is-not-supported-by-the/ba-p/570914

    SharePoint server configuration requirements to support Kerberos AES encryption if errors occur
    https://learn.microsoft.com/en-us/sharepoint/troubleshoot/security/configuration-to-support-kerberos-aes-encryption

    Hope this resolves your query!

    -------
    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments