MicrosoftFinalnet I have already gone through above articles and that's where I got to know that RC4 is the issue. I have tested with PS scripts, and I do not have any account using DES or RC4. Even as I said earlier our DC's were already enforced for AES encryption, so if DES or RC4 would have been set for the accounts then it would have already stopped working for those accounts before the patch.
I can also confirm the moment I set my GPO for encryption keys as not defined things start to work. So, this patch is fixing half part only for AS authentication requests now it gets block at TGS part.
I have another environment (Different Forest) as well too where I could see similar behavior of authentication failing at TGS part.
Can I conclude final solution is only to not to set msDS-SupportedEncryptionTypes by any means (GPO or per user settings)?
