Hi,
Implemented the modern way in a test environment, meaning PAW (cloud native) and the AVD host pool domain joined. Auth policy and so on created via the PowerShell Script Toolkit. All seems to be fine, but whenever the policy is enforced we get:
A Kerberos Ticket-granting-ticket (TGT) was denied because the device does not meet the access control restrictions.
Tier 0 systems are targeted correctly, and the policy is applied to the Tier 0 admin accounts.
Kerberos armoring is activated via GPO for the DCs and clients/member servers, and we also see the incoming Kerberos requests via Wireshark (so no firewall issue either).
Anyone else have the same problem? Currently totally confusing, as we checked everything multiple times and can't find any misconfiguration.
Servers are freshly installed Server 2022.
Thank you for any suggestions.