Issues after domain raise

  • 137 Views
  • Last Post 17 August 2017
  • Topic Is Solved
Dima Razbornov posted this 16 August 2017

Hello, gents! We’re faced with weird issues after domain level has been raised from 2003 to 2012 R2.
In fact, we found that password of "krbtgt" account hasn't been changed during the process as supposed to be to support AES encryption. Furthermore, we found a couple more issues. 
 The main issue is - "Session Key Type" of "PRIMARY" (Cache Flag: 0x1) "krbtgt" Kerberos ticket is "RC4-HMAC", but "KerbTicket Encryption Type" is "AES-256-CTS-HMAC-SHA1-96". At the same time, for other Kerberos tickets both "Session Key Type" and "KerbTicket Encryption Type" are "AES-256-CTS-HMAC-SHA1-96". All domain controllers are running Windows Sever 2016 now

Cheers, Dima.

 

Order By: Standard | Newest | Votes
patrickg posted this 17 August 2017

https://blogs.technet.microsoft.com/exchange/2015/02/13/considering-updating-your-domain-functional-level-from-windows-2003-read-this/

 

 

 

show

Dima Razbornov posted this 17 August 2017

Sorry, I should mention about this before- this is exactry the same article I wrote in the first message. I've rebooted all DC and try to reset password couple of time with no luck in this environment.

Case closed.

https://blogs.technet.microsoft.com/askds/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers/

Close