Skip to main content
NetApp Knowledge Base

Kerberos Encryption Type Change Fails with "KDC has no support for encryption type" Error

Views:
51
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
NAS
Last Updated:

Applies to

  • ONTAP 9
  • Kerberos encryption types

Issue

When attempting to change the Kerberos encryption types from 'rc4, des' to 'aes-128, aes-256',the following error occurs:

Cluster::> vserver cifs security modify -vserver <Vserver name> -advertised-enc-types aes-128,aes-256
      Enter your user ID: Administrator@test.com
      Enter your password:

      Error: command failed: Password update failed. Reason: Kerberos Error: KDC has no support for encryption type.

Secd log:

00000020.001098b2 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.587]  info :  [krb5 context 09618400] Retrieving STRG_USER$@SHIMPO.LOCAL from SPINKT:kt:C:12 (vno 0, enctype aes256-cts) with result: -1765328203/Key table entry not found
00000020.001098b3 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.599]  info :  [krb5 context 09618400] Preauth module encrypted_timestamp (2) (real) returned: -1765328203/Key table entry not found
00000020.001098b4 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.631]  ERR  :  CIFS server could not authenticate as 'STRG_USER$@SHIMPO.LOCAL': Generic preauthentication failure (KRB5_PREAUTH_FAILED) { in getKerberosServerCredentials() at src/utils/secd_krb_utils.cpp:617 }
00000020.001098b5 04381ec9 Fri Mar 07 2025 09:33:05 +09:00 [kern_secd:info:10862] | [000.010.647]  ERR  :  RESULT_ERROR_KERBEROS_UNKNOWN_ERROR:7556 in getKerberosServerCredentials() at src/utils/secd_krb_utils.cpp:633

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.