What type of encryption is Centrify DirectControl agent using to communicate with DC?
If you do not specify an encryption type in the command line, the encryption types defined in the centrifydc.conf file are used. The default encryption types supported are:
• Windows 2000 server and Windows Server 2003:
arcfour-hmac-md5, des-cbc-md5, and des-cbc-crc.
• Windows Server 2008 and higher domain functional level supports these additional types:
aes128-cts and aes256-cts.
Although the agent will support these types in an environment lower than 2008 domain functional level since the domain doesn't support it they will not be used and may cause extra network round trips.
Note If you specify an encryption type that is not listed as a permitted encryption type in the centrifydc.conf file, the key table entry will not be created and an error is displayed. You should verify that the encryption types you want to use are listed for the configuration parameter below:
adclient.krb5.tkt.encryption.types: arcfour-hmac-md5 des-cbc-md5 des-cbc-crc aes256-cts aes128-cts
adclient.krb5.permitted.encryption.types: arcfour-hmac-md5 des-cbc-md5 des-cbc-crc aes256-cts aes128-cts
You can also use the command "klist -kte" which tells you the encryption types in use for all the principles and the kerberos tickets.
on the server as root run the command below: