Microsoftcgaurav20 I agree, going back to RC4 is not a pretty thing.
Did you absolutely check for everything which could ask for RC4 on those machines ? Computer accounts, service accounts with SPN, gMSA, keytabs, or other non-Microsoft software with a missing/faulty Kerberos implementation ?
Do you have any msDS-SupportedEncryptionTypes attribute configured manually on them ?
The most secure protocol available is negotiated between clients and DC, so if some of your machines go back to RC4, that's likely because they have no other choices. You need to identify why.
There is a script which checks all possible accounts here : How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch? - Microsoft Community Hub
Not to say you do not have a real issue either, and another hotfix will be required in a near future. Keep us updated when Microsoft Support troubleshoot this.
