Share via

Active Directory: Kerberos encryption with AES 128

Harshitha H 1 Reputation point
2022-05-10T06:26:38.227+00:00

We have added a new support to AES-128 encryption only so our client supports AES 128 only , we cannot add support to AES-256 for some internal reasons, and we are receiving error and incorrect negations due to which domain join and user authentications fails, Please help us with the below first two cases.

200450-ker-ad.png

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,916 Reputation points
    2022-05-11T07:44:52.41+00:00

    Hi there,

    You can have a look at the below article which Describes the best practices, location, values, and security considerations for the Network security: Configure encryption types allowed for Kerberos security policy setting.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos

    For the first error a computer in a child domain of an Active Directory Domain Services (AD DS) forest cannot access a service that resides in a different domain within the same forest.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/unsupported-etype-error-accessing-trusted-domain

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.