Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8022: Mac is creating Event ID 26 in Windows System Logs

Mac & PC Management Service ,  

20 January,17 at 07:35 PM


An Administrator auditing the Windows System Event logs in their network notices many errors from the Key Distribution Center (KDC) which are "Event ID 26" and will have a message similar to:
Log Name:      System
Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
Date:          12/20/2016 9:24:12 AM
Event ID:      26
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MacComputer1.centrifylab.test
While processing an AS request for target service krbtgt, the account <AccountName> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 3  1. The accounts available etypes were 23  -133  -128  18  17.


This is caused when the adclient on Mac attempts DES encryption, on a Windows Server running 2008 R2 or above, which has DES encryption disabled by default.

More information can be found here :


To workaround this issue, an Administrator can discard these messages, as they are benign to the end User, or else enable DES encryption on the KDC. Alternately, an Administrator can use the following method to prevent these errors:

Find /etc/centrifydc/centrifydc.conf on Mac and modify the following two entries

From the following:
adclient.krb5.tkt.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5  des-cbc-md5 des-cbc-crc


adclient.krb5.permitted.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5  des-cbc-md5 des-cbc-crc

To the following;

adclient.krb5.tkt.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5 


adclient.krb5.permitted.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-exp

For detailed instructions on doing this manually or using Group policy, please refer to this KB

KB-7563 How to manage and edit centrifydc.conf on Mac computers


There are no current resolutions other than implementing one of the work-around's above. 

For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Customer Support Portal at

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.