CIFS Kerberos outage after set msDS-SupportedEncryptionTypes to 30
Applies to
- ONTAP 9
- CIFS/SMB
- Kerberos
- Active Directory
Issue
- Used Active Directory Attribute Editor to change CIFS server's machine account's attribute
msDS-SupportedEncryptionTypes
to value30
- Afterwards, CIFS clients that navigate to
\\hostname
cannot access data because Kerberos authentication fails - CIFS clients that navigate to
\\1.2.3.4
can access data because NTLM authentication succeeds