An Administrator auditing the Windows System Event logs in their network notices many errors from the Key Distribution Center (KDC) which are "Event ID 26" and will have a message similar to:
Log Name: System
Date: 12/20/2016 9:24:12 AM
Event ID: 26
Task Category: None
While processing an AS request for target service krbtgt, the account <AccountName> did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes were 3 1. The accounts available etypes were 23 -133 -128 18 17.
This is caused when the adclient on Mac attempts DES encryption, on a Windows Server running 2008 R2 or above, which has DES encryption disabled by default.
More information can be found here :https://technet.microsoft.com/en-us/library/cc734055(v=ws.10).aspxWorkaround:
To workaround this issue, an Administrator can discard these messages, as they are benign to the end User, or else enable DES encryption on the KDC. Alternately, an Administrator can use the following method to prevent these errors:
Find /etc/centrifydc/centrifydc.conf on Mac and modify the following two entries
From the following:
adclient.krb5.tkt.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5 des-cbc-md5 des-cbc-crc
adclient.krb5.permitted.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5 des-cbc-md5 des-cbc-crc
To the following;
adclient.krb5.tkt.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-md5
adclient.krb5.permitted.encryption.types: aes256-cts aes128-cts arcfour-hmac-md5 arcfour-hmac-exp
For detailed instructions on doing this manually or using Group policy, please refer to this KBKB-7563 How to manage and edit centrifydc.conf on Mac computersResolution:
There are no current resolutions other than implementing one of the work-around's above.
For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Customer Support Portal at https://www.centrify.com/support/customer-support-portal/