Wikis - Page

Knowledge Doc: Kerberos authentication failed after the November 8, 2022 and later Windows update

1 Likes

Summary
When you applied the November 8, 2022 and later Windows update to AD, Identity Servers failed to authenticate using RC4-HMAC negotiation.

Products
Access Manager (NAM)

Environment
Access Manager 3.2
Access Manager 4.4.0

Situation
When you applied the November 8, 2022 and later Windows update to AD, Identity Servers, IDP, failed to authenticate using RC4-HMAC negotiation.
IDP logged the below message in catalna.out file.

<amLogEntry> 2022-12-19T22:21:18Z SEVERE NIDS Application: AM#200104101: AMDEVICEID#173C007EF15AB712: AMAUTHID#4BBF8F9ECB18CFAB14AE8A79984C466E: Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Failure unspecified at GSS-API level (Mechanism level: AES256 CTS mode with HMAC SHA1-96 encryption type not in permitted_enctypes list) </amLogEntry>
Using Access Manager 3.2 or 4.4.0, creating 'nidpkey.keytab' with the option /crypto All did not resolve the authentication failure.

Resolution
Upgrading NAM to 4.4.4 resolved the issue.


Knowledge Base Article Link


URL Name
KM000013919

Labels:

Support Tips/Knowledge Docs
Comment List
Related
Recommended