Solved: RC4 kerberos, i can disable ?

mulbzh · ‎2026-03-16

hello and sorry for my english,

I have ONTAP 9.15 and domain controlers windows 2025.

i did audit on my controlers and i see that my SVM (all) use RC4 kerberos encryption. On ontap, i used command :
"vserver cifs security show -vserver vserver_name -fields advertised-enc-types"

and i can see response : rc4,des

So i think is not good because Microsoft wil disable RC4

on my SVM, can i pass this command without troubles : vserver cifs security modify -vserver vserver_name -advertised-enc-types aes-128,aes-256

what is the impact ? my SVM is use for SMB share

thanks

parisi · ‎2026-03-17

Have a look here:

Can RC4 encryption for Kerberos-based communication be disabled? - NetApp Knowledge Base

View solution in original post

mulbzh · ‎2026-03-16

i pasted the command, no impact for the moment.

But, after pasted the command, for somes SVM account in active directory, the attribute msDS-SupportedEncryptionTypes change to 24 (AES128 + AES256) but for others SupportedEncryptionTypes stay on 6 (RC4). In ONTAP all are in aes-128,aes-256.
what i have to do for account in active directiry didn't change ?

vserver cifs domain password reset -vserver svm-name ?

parisi · ‎2026-03-17

Have a look here:

Can RC4 encryption for Kerberos-based communication be disabled? - NetApp Knowledge Base

RC4 kerberos, i can disable ?

And the Legacy Continues! 🏆