Microsoft have released an Out Of Band Update to resolve the Kerberos issues experienced after installing the November 2022 Cumulative Updates on Domain Controllers.
Initially after applying the November 2022 update several issues were reported including client machines failing to authenticate with Domain Controllers, ADFS authentication issues, RDS login failures and unable to access file shares.
System Event Logs on Domain Controllers would also show the following error – Event ID 14 –
While processing an AS request for target service krbtgt, the account CLIENT$ did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 18 17 20 19 16 23 25 26. The accounts available etypes : 23 18 17. Changing or resetting the password of CLIENT$ will generate a proper key
The temporary mitigation was to either uninstall the update or apply a registry key on the Domain Controllers – reg add “HKLM\SYSTEM\CurrentControlSet\services\kdc” /v ApplyDefaultDomainPolicy /t REG_DWORD /d 0 /f
Now Microsoft have addressed this issue with an Out of Band Update, details of which can be found here: https://support.microsoft.com/en-au/topic/november-15-2022-kb5019157-os-build-22000-1281-preview-d64fb317-3435-49ff-b2c4-d0356a51a6b0
Links to Out of Band Updates:
0 Comments