My apologies to hijack the topic, but has anyone been able to test the msDS-SupportedEncryptionTypes change for the Clearpass AD accounts? We've noticed the same when running security checks. PEAP-MSCHAPv2 is still needed for some authentications so we can't remove the accounts just yet.
Sorry I should have bothered to update the discussion.
I successfully changed this to 28 (RC4 / AES128 / AES256) without issue for all our CPPM computer accounts. I think if I remember correctly, there was an issue setting it to just AES, RC4 was needed at that point - although likely to have changed since.We've still got it as 28 for CPPM, although we have since removed RC4 from domain controllers (setting to 24) without causing any CPPM issues.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.