In Horizon version 7.13.1 – build 18057992 after enabling an Instant Clone pool, status remains at 0% then fails with the message:
Error: could not authenticate with domain administrator credentials
KDC error in the following Log C :\ProgramData\VMware\VDM\logs\debug-2022-07-06-0631.txt
2022-07-12T09:12:30 DEBUG (1A3C-280C) <WFE-20>[UbidConnectionPool]LoginException while creating LdapConnectionPool: KDC has no support for encryption type (14)
This error started to occur after we updated our domain controllers to the latest DISA Stig for Server 2019 Domain Controllers. Since the debug log returned a KDC error we looked at the following setting in group policy applied to the Domain Controllers:
Security Settings > Local Policies > Security Options>Network security: Configure encryption types allowed for Kerberos
We enabled RC4_HMAC_MD5 and enabled the instant-clone pools which finished building and were able to be accessed from the zero clients without issue.
My question is: Is there a way to configure Horizon to accept the AES256_HMAC_SHA1 ? Is there a version of Horizon that does?
Wonder if the the service account used for instant clone AD domain account is set to use AES encryption.
thanks for the reply, I checked the Account Options in the Service Account's Properties and no Kerberos Options are selected.
Thanks. Just curious to know if enabling it worked?