Kerberos authentication errors after applying patches on Windows to address CVE-2022-37967, CVE-2022-38023, CVE-2022-37966

Solution Verified - Updated -

Issue

  • After Windows DC was patched for security hardening for Netlogon and Kerberos with November 2022 security update
    MC461855, JBoss EAP reported KDC errors:
DEBUG [org.jboss.security] (default task-7) PBOX00206: Login failure: javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:808) [rt.jar:1.8.0_231]
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) [rt.jar:1.8.0_231]
    at org.jboss.security.negotiation.KerberosLoginModule.login(KerberosLoginModule.java:190) [jboss-negotiation-extras-3.0.6.Final-redhat-00001.jar:3.0.6.Final-redhat-00001]
    at sun.reflect.GeneratedMethodAccessor20.invoke(Unknown Source) [:1.8.0_231]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_231]
...
Caused by: KrbException: KDC has no support for encryption type (14)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) [rt.jar:1.8.0_231]
    at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316) [rt.jar:1.8.0_231]
    at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) [rt.jar:1.8.0_231]
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:780) [rt.jar:1.8.0_231]
    ... 77 more
Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) [rt.jar:1.8.0_231]
    at sun.security.krb5.internal.ASRep.init(ASRep.java:64) [rt.jar:1.8.0_231]
    at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59) [rt.jar:1.8.0_231]
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) [rt.jar:1.8.0_231]
    ... 80 more

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.3.8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content