Heimdal Security Blog

Microsoft’s New Patch Tuesday Updates Cause Windows Kerberos Authentication to Break

An issue causing Kerberos sign-in failures has been reported on multiple enterprise domain controllers. The problems appeared after installing updates released during Patch Tuesday.

BleepingComputer revealed that readers of their website also reported that Kerberos breaks in situations where they’ve set the “This account supports Kerberos AES 256-bit encryption” or “This account supports Kerberos AES 128-bit encryption” account options.

Microsoft Is Investigating the Problem

The company informed its customers about the issues Kerberos authentication might encounter after installing the updates released on November 8th, 2022.

When this issue is encountered, you might receive a Microsoft-Windows-Kerberos-Key-Distribution-Center Event ID 14 error event in the System section of the Event Log on your domain controller with the below text.


The phrase “the missing key has an ID of 1” will be used to identify errors that are recorded in the system event logs of impacted systems.
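The check described above can be scripted. The following is an added example, not code from Microsoft or from the original article: it searches the System log on one or more domain controllers for Event ID 14 containing the identifying phrase, then lists user accounts that have either of the AES account options set. The parameter names `$ComputerName` and `$Since`, the start date, and the availability of the ActiveDirectory module are assumptions.

```powershell
# Added example (not from the article). Run in an elevated session with
# rights to read the System log on the listed domain controllers.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),   # assumption: DCs to check
    [datetime]$Since = [datetime]'2022-11-08'         # release date cited in the article
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    Id           = 14
    StartTime    = $Since
}
# Phrase the article gives for identifying affected systems.
# On non-English systems the event message may be localized.
$phrase = 'the missing key has an ID of 1'

$hits = foreach ($dc in $ComputerName) {
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            Where-Object { $_.Message -like "*$phrase*" } |
            Select-Object TimeCreated, MachineName, Id, Message
    } catch {
        # Get-WinEvent raises an error when nothing matches; that is a clean result.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

# Per-DC summary, then the matching events themselves.
$hits | Group-Object MachineName | Select-Object Name, Count
$hits | Sort-Object TimeCreated | Format-List TimeCreated, MachineName, Message

# Accounts with either AES option set. In msDS-SupportedEncryptionTypes,
# 0x08 = AES 128-bit and 0x10 = AES 256-bit (0x18 = 24). The matching rule
# 1.2.840.113556.1.4.804 is LDAP bitwise OR: true if any of those bits is set.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=24)' `
               -Properties 'msDS-SupportedEncryptionTypes' |
        Select-Object SamAccountName,
            @{ n = 'AES128'; e = { [bool]($_.'msDS-SupportedEncryptionTypes' -band 0x08) } },
            @{ n = 'AES256'; e = { [bool]($_.'msDS-SupportedEncryptionTypes' -band 0x10) } }
} else {
    Write-Warning 'ActiveDirectory module not found; skipping account inventory.'
}
```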

The list of scenarios involving the Kerberos authentication includes, but is not limited to the following:

The problem seems to be affecting both clients and server platforms. The complete list includes:

Microsoft stated that the issue is not an expected result and that they have already started enforcing security hardening for Kerberos and Netlogon. The issue is not going to affect home customers and those who are not enrolled in an on-premises domain. Additionally, it has no effect on environments using non-hybrid Azure Active Directory or those without on-premises Active Directory servers.

Microsoft is working on a fix, and it is estimated that a solution will be available in the coming weeks.
