We had to change the GPO of KDC encryption "Network security: Configure encryption types allowed for Kerberos" to support AES in one of our child domains and we did.
Now replication across our whole forest gives this error:
- Error issuing replication: -2146892990 (0x80090342):
The encryption type requested is not supported by the KDC.
We did a lot of research, including restarting the KDC services, but to no avail. It is strange that this error appears on most of the DCs (70%) while the rest show no problems. At some point we reverted the GPO to its previous state, but again with no positive result.