Core Infrastructure and Security Blog

Options
1,193
AtilGurcan on Nov 24 2022 12:40 AM
1,416
AndrewCoughlin on Nov 21 2022 12:00 AM
2,159
BrandonWilson on Nov 18 2022 09:00 PM
9,847
PaulHarrison on Nov 18 2022 10:42 AM
1,760
fbinotto on Nov 14 2022 12:02 AM
1,599
Bruno Gabrielli on Nov 10 2022 12:00 AM
2,376
Bruno Gabrielli on Nov 09 2022 12:00 AM
1,741
BrandonWilson on Nov 03 2022 02:49 PM
6,929
Michael Hildebrand on Oct 31 2022 04:00 AM
3,707
hspinto on Oct 24 2022 12:00 AM
2,799
WillAftring on Oct 17 2022 05:17 AM
3,910
fbinotto on Oct 09 2022 04:12 PM
2,190
BrandonWilson on Oct 07 2022 09:39 AM
5,938
Anthony_W on Oct 03 2022 12:26 AM
6,025
Michael Hildebrand on Sep 30 2022 10:03 AM
4,167
AndrewCoughlin on Sep 26 2022 12:00 AM
4,601
wernerrall on Sep 19 2022 01:16 AM
15.8K
Anthony_W on Sep 12 2022 01:04 AM
3,261
BrandonWilson on Sep 09 2022 02:17 PM
8,874
fbinotto on Sep 06 2022 04:09 PM
15.5K
varghesejoji on Sep 01 2022 11:19 AM
5,050
DarrenTurchiarelli on Aug 29 2022 04:24 PM
3,153
PaulHarrison on Aug 25 2022 02:00 AM
3,054
wernerrall on Aug 22 2022 12:35 AM
3,517
PaddyDamodharan on Aug 15 2022 12:00 AM
6,818
PaddyDamodharan on Aug 08 2022 12:00 AM
2,277
BrandonWilson on Aug 04 2022 08:12 AM
3,227
Joel Vickery on Aug 01 2022 08:33 PM
4,527
AndrewCoughlin on Jul 25 2022 12:00 AM
3,773
WillAftring on Jul 18 2022 07:55 AM

Latest Comments

@Jerry Devore we are only observing RC4 used for TGT tickets obtained by NetApp storage. It is reported in the event 4768 as Ticket Encryption Type 0x17. The vast majority of other computer and user accounts are using AES encryption for TGT tickets for a long time already. And we have changed the pa...
0 Likes
Thank you @Jerry Devore and @RossUA . Your help is much appriciated. After changing msDS-SupportedEncryptionTypes to 0x4 (RC4_HMAC_MD5) , we're able to access the NetApp again. The session key now is RC4. Thank you for your help, we'll check how to get rid of this configuration by either getting rid...
0 Likes
Hi Eric A question that occurred to me. Am I correct in assuming that the "Owner" Security Principal of a computer object would have this capability as well? If that is true and you are some sort of computer provisioning/deployment software like SCCM etc. you would probably want to make sure that Ow...
0 Likes
It would be unrestricted for Kerberos if the GPO for the "Network security: Configure encryption types allowed for Kerberos" policy is not defined.Also, the msDS-SupportEncryptionTypes attribute for the KRBTGT not set(nothing).Will the KRBTGT's encryption type remain the same as RC4 since we deploye...
0 Likes
@FelixF - The November update (11B.22) is causing the updated DCs to default to AES session keys. In some cases you can resolve the issue by explictly setting RC4 in msDS-SupportedEncryptionTypes for the computer objects of the target (NetApp server in this case). However, the recommended approach w...
0 Likes