Member since
12-03-2020
2
Posts
0
Kudos Received
0
Solutions
12-04-2020
03:47 AM
@ateka_18 Here is the Cause and Solution of this issue. Cause: Microsoft recently rolled out an Active Directory update for CVE-2020-17049 [1].
This update indicates: 'When the registry key is set to 1, patched domain controllers will issue service tickets and Ticket-Granting Tickets (TGT)s that are not renewable and will refuse to renew existing service tickets and TGTs. Windows clients are not impacted by this since they never renew service tickets or TGTs. Third-party Kerberos clients may fail to renew service tickets or TGTs acquired from unpatched DCs. If all DCs are patched with the registry settings to 1, third-party clients will no longer receive renewable tickets. Now the Solution is: We have found out that MSFT has also released a fix for the Kerberos authentication issue. To fix the Windows AD, you can engage with the AD team to apply one of the following patches that MSFT has provided to fix the Kerberos authentication issue. Please link on the appropriate link based on the flavor of the Windows Server. Windows Server 2012: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594438 Windows Server 2012 R2: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594439Windows Server 2016: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594441 Windows Server 2019: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594442 Windows Server 1903: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594443 Windows Server 1909: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594443 Windows Server 2004: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594440 Windows Server 20H2: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4594440 Once the patch is applied, the application will be able to renew the tickets without theneed to apply any patch for Hue. [1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 So in short you have to ask you AD team to apply the below patch on Domain Controllers to resolve this issue since it's a Microsoft Vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049
... View more