Forum Discussion
Problem with kb KB5018411 on domain controllers
After we install KB5018411 on WS 2016 domain controllers, we cannot authenticade rdp connections using dns name in mstsc against servers and client, in network capture we see Kerberos errors 1039 9....
Try this out of band update and see if it fixes the issue.
https://support.microsoft.com/en-us/topic/october-18-2022-kb5020439-os-build-14393-5429-out-of-band-f9840376-4f36-45c3-8dd8-f366c4b884dd
https://support.microsoft.com/en-us/topic/october-18-2022-kb5020439-os-build-14393-5429-out-of-band-f9840376-4f36-45c3-8dd8-f366c4b884dd
- Hi we try but it doesn't help either
- After some more searching this looks to be an issue with the encryption ciphers.
What clients are trying to RDP to Server 2016? Windows 10 or Windows 11?
Use this tool to check your enabled encryption on the Server. https://www.nartac.com/Products/IISCrypto/
Check the cipher suite order as well. If you make a change you do need to restart the computer.
This post is different from your issue, but they found TLS/cipher order to be the issue
https://support.oneidentity.com/safeguard-authentication-services/kb/4274683/-krb5kdc_err_preauth_required-causing-join-to-fail
https://community.spiceworks.com/topic/2293152-need-help-with-kerberos-authentication-troubleshooting
