Microsoft
MicrosoftWill updating the value HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes on our domain controllers cause issues for the accounts with available keys = RC4?
we have some accounts generating 4769 with Available keys = RC4 (and Ticket Encryption Type = 0x17).
what needs to be done?
Event ID 4769 :
A Kerberos service ticket was requested.
Account Information:
Account Name:user@CONTOSO.DOMAIN
Account Domain:CONTOSO.DOMAIN
Logon GUID:{8a6c16d7-f232-8ec5-04fd-673cccc69f57}
MSDS-SupportedEncryptionTypes:N/A
Available Keys:N/A
Service Information:
Service Name:KerberosBTP
Service ID:CONTOSO\KerberosBTP
MSDS-SupportedEncryptionTypes:0x27 (DES, RC4, AES-Sk)
Available Keys:AES-SHA1, RC4
Domain Controller Information:
MSDS-SupportedEncryptionTypes:0x1F (DES, RC4, AES128-SHA96, AES256-SHA96)
Available Keys:AES-SHA1, RC4
Network Information:
Client Address:::ffff:10.10.80.34
Client Port:56714
Advertized Etypes:
AES256-CTS-HMAC-SHA1-96
AES128-CTS-HMAC-SHA1-96
RC4-HMAC-NT
DES-CBC-MD5
DES-CBC-CRC
RC4-HMAC-NT-EXP
RC4-HMAC-OLD-EXP
Additional Information:
Ticket Options:0x40810000
Ticket Encryption Type:0x17
Session Encryption Type:0x12
Failure Code:0x0
Transited Services:-
Ticket information
Request ticket hash:N/A
Response ticket hash:N/A
JerryDevoreAny comment?
MicrosoftHi MaxC0der88 - Yes it could depending on the value to you change it to. If the 4769 event is reporting only RC4 keys then you need to reset the password of the target account (account with the SPN not the account requesting the service ticket). It is not well documented but it can take 2 password changes if the account has no AES keys.
Thanks again. which account password needs to be reset? Account Name:user@CONTOSO.DOMAIN or Service ID:CONTOSO\KerberosBTP ? Which one ?
