VMware Sign On Issues After Nov Patches

VMware software, including vCenter, is affected by an issue caused by the November patches on Domain Controllers, which changed Kerberos behavior. This problem was introduced by the newly released Out of Band (OOB) hotfix. (See: Updated Schedule- November 2022 Patching for Windows – USGS Technical Support Teams).

To resolve the issue, change the “msDS-SupportedEncryptionTypes” attribute on the AD object of the VMware vCenter or VMware hypervisor to “24”. This value is 0x18 in hex; it allows only AES connections and fixes the issue. Once done, clear the browser cache and sign-ins should work again. This should be done ASAP so that AD logins continue to work on these appliances before the rest of the USGS Domain Controllers receive this update on 11/29/2022.

PowerShell example to confirm the change has been made:
Get-ADComputer igskrd907l001 -properties msDS-SupportedEncryptionTypes

DistinguishedName             : CN=IGSKRD907L001,OU=pmoreland,OU=Laptops,OU=Computers,OU=EAD,OU=DI,DC=gs,DC=doi,DC=net
DNSHostName                   : IGSKRD907L001.gs.doi.net
Enabled                       : True
msDS-SupportedEncryptionTypes : 24
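
The attribute is a bitmask, so 24 (0x18) is the sum of the AES128 (0x08) and AES256 (0x10) flags. The PowerShell below is an added example, not part of the original post: it decodes the value into encryption type names and wraps the change plus the read-back check. The function names and the `VCENTER-PLACEHOLDER` computer name are assumptions.

```powershell
# Added example. Function names and the computer name are hypothetical.
# Bit flags of msDS-SupportedEncryptionTypes (Kerberos encryption types).
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC'             = 0x01
    'DES-CBC-MD5'             = 0x02
    'RC4-HMAC'                = 0x04
    'AES128-CTS-HMAC-SHA1-96' = 0x08
    'AES256-CTS-HMAC-SHA1-96' = 0x10
}

function ConvertFrom-EncTypeMask {
    # Turn the integer attribute value into the list of enabled encryption types.
    param([Nullable[int]]$Mask)
    if ($null -eq $Mask -or $Mask -eq 0) { return @('(not set)') }
    $names = foreach ($e in $EncTypeBits.GetEnumerator()) {
        if ($Mask -band $e.Value) { $e.Key }
    }
    return @($names)
}

function Set-AesOnlyEncType {
    # Set the attribute to 24 (AES128 + AES256) if needed, then read it back.
    # Needs the ActiveDirectory module and write access to the computer object.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ComputerName)
    $attr   = 'msDS-SupportedEncryptionTypes'
    $before = (Get-ADComputer $ComputerName -Properties $attr).$attr
    if ($before -ne 24 -and $PSCmdlet.ShouldProcess($ComputerName, "Set $attr to 24")) {
        Set-ADComputer $ComputerName -Replace @{ $attr = 24 }
    }
    $after = (Get-ADComputer $ComputerName -Properties $attr).$attr
    [pscustomobject]@{
        Computer = $ComputerName
        Before   = (ConvertFrom-EncTypeMask $before) -join ', '
        After    = (ConvertFrom-EncTypeMask $after) -join ', '
        AesOnly  = ($after -eq 24)
    }
}

# Decoding constructed sample values (runs without Active Directory):
foreach ($v in 24, 28, 4) {
    '{0,2} (0x{0:X2}) -> {1}' -f $v, ((ConvertFrom-EncTypeMask $v) -join ', ')
}

# Against a real directory; -WhatIf previews the change without writing it:
# Set-AesOnlyEncType -ComputerName 'VCENTER-PLACEHOLDER' -WhatIf
```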
