Exchange 2016 and Sever 2016 DCs: Unknown KDC Encryption type
I think you may first check the SPN, you could run “SetSPN -L <ExchangeServerName>
” command to check the SPN configuration. It should contain:
SMTP/<ExchangeServerName>
SMTP/<ExchangeServerName>.example.com
SMTPSVC/<ExchangeServerName>
SMTPSVC/<ExchangeServerName>.example.com
If some missed, you could run "setspn -a <data>
" to add.
And then, on the client side, run “klist tickets” in CMD to check the ticket type. Usually it should be “AES-256-CTS-xxx”.
Here is a related blog about ticket types: https://blogs.msdn.microsoft.com/openspecification/2011/05/30/windows-configurations-for-kerberos-supported-encryption-type/
In addition, according my research, beginning with Windows Server 2016, KDCs can support the PKInit freshness extension. Maybe you could also check this point.