- For AppPortal, raised encryption standards on KDC server require extra AD account configuration
If the environment's Active Directory KDC server has raised encryption levels, then any AD account, including the AppPortal service account, will require the "This account supports Kerberos AES 256 bit encryption" option to be checked ON in the AD user object.
If this is not done, then a number of symptoms can be seen:
1) User-specific logs in \Program Files (x86)\Flexera Software\App Portal\Logs\UserLog will show an error like:
Unable to detetct group membership for user : DOMAIN\USERACCOUNT The encryption type requested is not supported by the KDC.
2) IIS logs will show that the user can authenticate to the AppPortal UI, but when clicking through to parts of the configuration the following notification will be seen on the main pane:
You do not have access to this area.
I found this while testing AppPortal 2021R2, however I believe the behaviour is the same across other versions.
Further reading:
https://docs.microsoft.com/en-us/sharepoint/troubleshoot/security/configuration-to-support-kerberos-aes-encryption
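Added example, not part of the original post: a PowerShell check, assuming the RSAT ActiveDirectory module is installed, that reads the `msDS-SupportedEncryptionTypes` attribute behind that checkbox (AES256 is bit 0x10) and reports accounts that lack it. The account names are placeholders.

```powershell
# Added example: audit which Kerberos encryption types an AD account advertises.
Import-Module ActiveDirectory

# Bit values of the msDS-SupportedEncryptionTypes attribute.
$EncTypes = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128'      = 0x08
    'AES256'      = 0x10   # "This account supports Kerberos AES 256 bit encryption"
}

function Get-KerberosEncTypeReport {
    param([Parameter(Mandatory)][string[]]$SamAccountName)

    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name -Properties 'msDS-SupportedEncryptionTypes'
        # The attribute is empty on accounts that were never configured; treat that as 0.
        $raw  = $user.'msDS-SupportedEncryptionTypes'
        $mask = if ($raw) { [int]$raw } else { 0 }
        $enabled = $EncTypes.GetEnumerator() |
            Where-Object { $mask -band $_.Value } |
            ForEach-Object { $_.Key }
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            RawValue       = $mask
            EncTypes       = if ($enabled) { $enabled -join ', ' } else { '(not set)' }
            AES256Enabled  = [bool]($mask -band 0x10)
        }
    }
}

# Placeholder names: the App Portal service account and one affected user.
$report = Get-KerberosEncTypeReport -SamAccountName 'svc-appportal', 'jdoe'
$report | Format-Table -AutoSize

# Flag accounts that are still missing the AES256 bit.
$report | Where-Object { -not $_.AES256Enabled } | ForEach-Object {
    Write-Warning "$($_.SamAccountName) does not have AES256 enabled (value $($_.RawValue))"
    # Equivalent of ticking the checkbox (this replaces the existing value):
    # Set-ADUser -Identity $_.SamAccountName -KerberosEncryptionType AES128, AES256
}
```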
See original post for "answer".
