Hi Experts,
During some Secure Login Server installations we faced an issue with Kerberos encryption types. One customer pre-generated his keytab for us on the DC and we imported it on the SLS using the SPNego configuration. The issued keytab contains the AES algorithm only. SLC wasn't able to authenticate against SLS; to be clear, the decryption of the ST failed. We checked on the client side using several tools and found out the ST was encrypted by the KDC using RC4-HMAC. We are using a 2008 R2 DC and a Windows 8.1 client. The customer was using a 2012 R2 DC and a Windows 8 PC. I did some tests and can confirm this ST is always encrypted using RC4. Almost all the tickets for other services were using AES, which I would expect in a "native" Windows 7/8 and 2008/2012 environment...
Question: Is there any configuration on the SLC, on the DC, etc. to enable AES-encrypted STs?
Thanks for your answers.
Carsten