Convert Azure Files Storage account to AES256




Mild panic attack, so storage accounts used for Azure files were originally set up without AES256, looks like the hybrid join script now defaults to AES256. Which is great.


So following this guide: Use Azure Active Directory Domain Services (Azure AD DS) to authorize user access to Azure Files ove...

Looks like the original storage accounts were set up with RC4, we need to convert our existing storage accounts from RC4 to AES256.


As a test, I created a new storage account on RC4, ran the PowerShell command to convert to AES256. Looks like it worked fine. Did this on the production AVD storage account. Lost access to the share, my heart sank. 


I can see KerberosEncryptionType was originally empty:

Get-ADComputer avdprofilestorage -Properties KerberosEncryptionType


Ran the command:

Set-AdComputer avdprofilestorage -KerberosEncryptionType AES256

A few moments later, lost access. To revert, there was no way to set a null command, so ran:

Set-AdComputer avdprofilestorage -KerberosEncryptionType RC4

Then everything came back.

Maximum compatibility is set on the storage account. 


Just wondering if there is anything else I have missed?


Worst case scenario is being locked out of the share.



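A read-only check that can be run before and after a change like the one described in the post, added here as an example and not part of the original post: it decodes the `msDS-SupportedEncryptionTypes` bitmask on the storage account's AD computer object and shows when its password was last set. The function name `Get-KerberosEncryptionReport` is hypothetical; `avdprofilestorage` is the account name used in the post.

```powershell
# Added example, not from the original post. Read-only: it changes nothing in AD.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Bit values of the msDS-SupportedEncryptionTypes attribute.
$EncTypeBits = @(
    @{ Bit = 0x01; Name = 'DES-CBC-CRC' }
    @{ Bit = 0x02; Name = 'DES-CBC-MD5' }
    @{ Bit = 0x04; Name = 'RC4-HMAC' }
    @{ Bit = 0x08; Name = 'AES128-CTS-HMAC-SHA1-96' }
    @{ Bit = 0x10; Name = 'AES256-CTS-HMAC-SHA1-96' }
)

function Get-KerberosEncryptionReport {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string]$Identity
    )

    $computer = Get-ADComputer -Identity $Identity `
        -Properties 'msDS-SupportedEncryptionTypes', PasswordLastSet

    # An attribute that was never set comes back as $null; treat it as 0.
    $raw  = $computer.'msDS-SupportedEncryptionTypes'
    $mask = if ($null -eq $raw) { 0 } else { [int]$raw }

    # Collect the name of every encryption type whose bit is present.
    $names = $EncTypeBits |
        Where-Object { $mask -band $_.Bit } |
        ForEach-Object { $_.Name }

    [pscustomobject]@{
        Name            = $computer.Name
        RawValue        = ('0x{0:X2}' -f $mask)
        EncryptionTypes = if ($names) { $names -join ', ' } else { '(not set)' }
        # When the account password, from which its Kerberos keys are
        # derived, was last set.
        PasswordLastSet = $computer.PasswordLastSet
    }
}

# Record the state before any change so it can be restored exactly.
Get-KerberosEncryptionReport -Identity 'avdprofilestorage' | Format-List
```

Saving this output before running `Set-ADComputer` records the exact starting value, including the "not set" case the post describes.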