Decrypt integrity check failed

vishal vicky.recw at gmail.com
Mon Nov 13 17:00:51 EST 2017


Hi,

In AS_REP I see that domain controller is sending the enc type as etype:
eTYPE-AES256-CTS-HMAC-SHA1-96 (18)

however in TGS_REP it is sending as etype: eTYPE-ARCFOUR-HMAC-MD5 (23),

This is causing the " Decrypt integrity check failed" error. Any reason why
domain controller will behave like it?

--Vishal


More information about the Kerberos mailing list