Thanks,
8 - I will be able to receive RC4 tickets on the legacy devices, but I won't be able to access the legacy devices from newer operating systems, correct? Again RC4 service tickets are going to be handed out, however the session key will be AES256 and if that is a legacy Windows OS then it will fail authentication (typically with KRB_AP_ERR_MODIFIED).
- Now, I can log in with my domain user to the legacy OS, right? I just won't be able to access the legacy devices, such as a file share, from newer operating systems.
Also, will it work vice versa, such as file share access from a legacy OS to a newer OS?
2 - There are service accounts which have an SPN set, such as ADFS and SCCM.
Is there any extra setting for this?
Also, msDS-SupportedEncryptionTypes is defined as not set for them.
Is any Kerberos authentication issue occurring?
E.g. SCCM Account:
MSSQLSvc/srv01.contoso.local
MSSQLSvc/srv01.contoso
MSSQLSvc/srv01.contoso.local.1433
ADFS Account:
HOST/sts.contoso.com