Skip to main content
NetApp Knowledge Base

What is the impact to ONTAP CIFS/SMB when Microsoft disables RC4 for Kerberos?

  1. Last updated
  2. Save as PDF
Views:
1,089
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
NAS
Last Updated:

Applies to

  • ONTAP 9.13.1
  • ONTAP 9.10.1

Answer

  • Microsoft is deprecating RC4 as a supported Kerberos encryption type for Active Directory, with staged enforcement through 2026.
  • Impact for ONTAP 9.13.1 and later
    • AES encryption enabled by default
    • Kerberos authentication continues without AD RC4 fallback
    • No impact expected
  • Impact for ONTAP 9.10.1
    • AES encryption not enabled by default
    • RC4 removal in AD prevents Kerberos authentication when AES is disabled
    • System requires one of the following:
      • Upgrade ONTAP to 9.13.1 or later
      • Enable AES manually on the Storage Virtual Machine (SVM)
  • AES enablement on ONTAP 9.10.1

vserver cifs security modify -vserver <svm_name> -advertised-enc-types aes-128,aes-256

vserver cifs security show -vserver <svm_name> -fields advertised-enc-types

  • Microsoft RC4 removal timeline
    • 2026 Jan: Audit mode
    • 2026 Apr: AES default, RC4 fallback disabled
    • 2026 Jul: RC4 removed completely

Additional Information

additionalInformation_text
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.