Recommended to roll over Kerberos decryption key Seamless Sign-on

When I am looking at my Azure AD Connect, I see a notice that it is recommended to roll over the Kerberos decryption key on my on-premise AD for Seamless sign on. The Microsoft Docs just mentions it is recommended every 30 days but does not explain in detail what this means or if it causes problems. Any insight? Thanks.

1 Reply

@Jeff Harlow I'm by no means an expert, but I believe rolling over the key is considered a "best practice" from a security perspective. Not rolling over the key shouldn't cause SSO to stop working.

That said...you should do it. It's a simple procedure.
