After the November patches, Windows Kerberos authentication fails

After installing the cumulative updates issued on this month’s Patch Tuesday, enterprise domain controllers may encounter Kerberos sign-in failures and other authentication issues.

Microsoft is looking into this new known issue. On all Windows versions above Windows 2000, Kerberos has replaced NTLM as the default authentication protocol for domain-connected devices.

The November updates, according to Microsoft, “break Kerberos in situations where you have set the ‘This account supports Kerberos AES 256 bit encryption’ or ‘This account supports Kerberos AES 128 bit encryption’ Account Options set” (i.e., the msDS-SupportedEncryptionTypes attribute on user accounts in AD).

The known issue, which Microsoft is currently investigating, can affect any Kerberos authentication scenario in impacted enterprise environments.

According to Microsoft, Windows Servers with the Domain Controller role may have Kerberos authentication problems after installing updates issued on November 8, 2022 or later.

When this problem arises, you may see a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of your Domain Controller’s Event Log.

Errors recorded in the System event logs of impacted systems can be identified by the phrase “the missing key has an ID of 1”. According to the reported errors, the account “account name” did not have an appropriate key for producing a Kerberos ticket while processing an AS request for the target service “service”, and the missing key has an ID of 1. The following are just a few examples of Kerberos authentication scenarios that may be affected:

  • Signing in as a domain user might fail. Authentication with Active Directory Federation Services (AD FS) may potentially be impacted by this.
  • It’s possible for Group Managed Service Accounts (gMSA) to have authentication issues when used with services like Internet Information Services (IIS Web Server).
  • Domain user remote desktop connections might not succeed.
  • Shared folders on workstations and file shares on servers may not be accessible.
  • Printing operations that need domain
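
One way to check a domain controller for the symptoms described above, as an added example that is not from the original post or from Microsoft: it lists the KDC Event ID 14 entries containing the "missing key" phrase and the accounts whose msDS-SupportedEncryptionTypes has an AES bit set. It assumes the ActiveDirectory PowerShell module is installed and that event messages are rendered in English.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) and English event text.
Import-Module ActiveDirectory

# Part 1: KDC Event ID 14 errors in the System log of this domain controller,
# limited to events logged on or after the November 8, 2022 updates.
$kdcEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 14
    StartTime    = [datetime]'2022-11-08'
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'missing key has an ID of 1' }

"Matching Event ID 14 entries: $(@($kdcEvents).Count)"
$kdcEvents |
    Select-Object -First 20 -Property TimeCreated, Message |
    Format-List

# Part 2: accounts with either AES account option set.
# Bit values in msDS-SupportedEncryptionTypes: AES128 = 0x08, AES256 = 0x10.
$AES128 = 0x08
$AES256 = 0x10
$mask   = $AES128 -bor $AES256    # 24

# LDAP matching rule 1.2.840.113556.1.4.804 is a bitwise OR:
# the filter is true when any bit of $mask is set on the attribute.
$ldapFilter = "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=$mask)"

Get-ADObject -LDAPFilter $ldapFilter `
        -Properties sAMAccountName, 'msDS-SupportedEncryptionTypes' |
    Select-Object sAMAccountName, ObjectClass,
        @{ Name = 'EncTypes'
           Expression = { '0x{0:X}' -f $_.'msDS-SupportedEncryptionTypes' } },
        @{ Name = 'AES128'
           Expression = { [bool]($_.'msDS-SupportedEncryptionTypes' -band $AES128) } },
        @{ Name = 'AES256'
           Expression = { [bool]($_.'msDS-SupportedEncryptionTypes' -band $AES256) } } |
    Sort-Object ObjectClass, sAMAccountName |
    Format-Table -AutoSize
```

Comparing the account names in the Event ID 14 messages with the second listing shows which of the failing accounts carry the AES account options the post mentions.
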
So, that’s all in this blog. I will meet you soon with the next stuff. Have a nice day!!

Vipan Kumar

He is an Active Directory Engineer. He has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem. If you need any further help on the subject, feel free to contact us at admin@windowstechno.com. Please subscribe to our Facebook page as well as the website for the latest articles. https://www.facebook.com/windowstechno