Guest

Preview Tool

Cisco Bug: CSCvv82074 - ISE 2.7 ENH/KRB RC4 encryption change support.

Last Modified

Sep 23, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.7(0.356)

Description (partial)

Symptom:
R4-HMAC-MD5 has different types of encryption that are not configurable on ISE GUI. This can affect use cases where certain level of security is applied on GPO where an specific encryption type is required. 

Following error might be seen during AD join due to encryption rules on the DC side:

Result for ISE node: xxxx. Status: Join Operation Failed: KDC has no support for encryption type
Error Description: KDC has no support for encryption type
 
Support Details...
Error Name: LW_ERROR_KRB5KDC_ERR_ETYPE_NOSUPP
Error Code: 41744

Conditions:
ISE 2.X
GPO's for encryption types on DC side.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.