6 Replies Latest reply on Jan 11, 2019 1:18 PM by ChuckVA

    connect-viserver not passing thru user credentials in Windows 2016

    GalNeb Enthusiast

      I have been fighting this for quite some time.  When I run "connect-viserver servername" it will prompt me for the logon credentials in our Windows 2016 jump box, but it works just fine in our older 2008 jump boxes.  PowerCLI is the latest version on both, so is our VCSA 6.5, external PSC.  Both the VCSA and PSC are joined to the domain.

      I have boiled this down to an encryption problem.  Due to DOD STIG (security) requirements, the registry key HKLM/software/microsoft/windows/currentversion/policies/system/kerberos/parameters/SupportedEncryptionTypes is different in Windows 2016.  In 2016 it is 7ffffff8, in 2008 it is 7ffffffc.  Changing this value fixes the problem.  This bit change controls RC4-HMAC.  In other words, we have to enable RC4-HMAC to allow PowerCLI to properly pass thru the credentials.  This is not acceptable on soooo many levels.

      How do we get PowerCLI to properly passthru credentials without enabling RC4-HMAC?
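
Added example, not part of the original post: a PowerShell sketch that decodes the two `SupportedEncryptionTypes` values quoted above, reports which Kerberos encryption types differ between them, and then decodes the value set on the local machine. The function names are hypothetical helpers; the bit names follow Microsoft's documented values for this policy setting.

```powershell
# Bit flags of the Kerberos SupportedEncryptionTypes policy value.
$EncTypeBits = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_CTS_HMAC_SHA1_96' = 0x8
    'AES256_CTS_HMAC_SHA1_96' = 0x10
    'Future encryption types' = 0x7FFFFFE0
}

# Hypothetical helper: list the encryption types enabled in a mask.
function ConvertFrom-KerberosEncTypeMask {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($name in $EncTypeBits.Keys) {
        $bits = $EncTypeBits[$name]
        if (($Mask -band $bits) -eq $bits) { $name }
    }
}

# Hypothetical helper: show only the types whose state differs between two masks.
function Compare-KerberosEncTypeMask {
    param([Parameter(Mandatory)][int]$Reference,
          [Parameter(Mandatory)][int]$Difference)
    $changed = $Reference -bxor $Difference
    foreach ($name in $EncTypeBits.Keys) {
        $bits = $EncTypeBits[$name]
        if ($changed -band $bits) {
            [pscustomobject]@{
                EncType      = $name
                InReference  = [bool]($Reference  -band $bits)
                InDifference = [bool]($Difference -band $bits)
            }
        }
    }
}

# The two values quoted in the post (2016 jump box vs. 2008 jump box).
Compare-KerberosEncTypeMask -Reference 0x7ffffff8 -Difference 0x7ffffffc

# Decode whatever policy value is set on the machine this runs on, if any.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$local = (Get-ItemProperty -Path $key -Name SupportedEncryptionTypes `
          -ErrorAction SilentlyContinue).SupportedEncryptionTypes
if ($null -ne $local) {
    '{0:x8}: {1}' -f $local, ((ConvertFrom-KerberosEncTypeMask -Mask $local) -join ', ')
}
```

For the two values in the post, the comparison returns a single row, `RC4_HMAC_MD5`, absent from 7ffffff8 and present in 7ffffffc.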