Cybersecurity
DevOps Cloud
IT Operations Cloud
Summary
When you applied the November 8, 2022 and later Windows update to AD, Identity Servers failed to authenticate using RC4-HMAC negotiation.
Products
Access Manager (NAM)
Environment
Access Manager 3.2
Access Manager 4.4.0
Situation
When you applied the November 8, 2022 and later Windows update to AD, Identity Servers, IDP, failed to authenticate using RC4-HMAC negotiation.
IDP logged the below message in catalna.out file.
<amLogEntry> 2022-12-19T22:21:18Z SEVERE NIDS Application: AM#200104101: AMDEVICEID#173C007EF15AB712: AMAUTHID#4BBF8F9ECB18CFAB14AE8A79984C466E: Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Error processing SPNEGO/Kerberos : Failure unspecified at GSS-API level (Mechanism level: AES256 CTS mode with HMAC SHA1-96 encryption type not in permitted_enctypes list) </amLogEntry>
Using Access Manager 3.2 or 4.4.0, creating 'nidpkey.keytab' with the option /crypto All did not resolve the authentication failure.
Resolution
Upgrading NAM to 4.4.4 resolved the issue.
URL Name
KM000013919