Not a problem; thanks for your efforts. I'll inspect the trace and let you know what I find.
Regards, Kristian Smith Support Escalation Engineer | Microsoft® Corporation Email: [email protected] -----Original Message----- From: Jennifer Sutton <[email protected]> Sent: Tuesday, September 23, 2025 6:08 PM To: Kristian Smith <[email protected]> Cc: Microsoft Support <[email protected]>; [email protected] Subject: Re: [EXTERNAL] [MS-KILE] PK‐INIT and KDC_ERR_GENERIC - TrackingID#2509120040008164 Hi Kristian, Sorry I missed your earlier mail. I’ve captured new traces and uploaded them to the secure share. Cheers, Jennifer (she/her) On 23/09/25 12:54 pm, Kristian Smith wrote: > Hi Jennifer, > > I sent a request for new traces last week, but I'm thinking it got stuck in a > spam filter on one end or the other. From the last traces you provided, it > seemed like the Server 2025 was looking for SHA-2 encryptions, maybe we need > to see if it's looking for PAChecksum2 as well. Can you please follow these > [same] instructions to upload a new lsass trace to this new secure share link > below? > > Lsass Tracing > 1. Download and run the TTD.appinstaller from our website using the > following link. Note: An End-User License Agreement (EULA) will appear in a > command window that you will need to approve. > a. Link: https://aka.ms/ttd/download > 2. We need to run lsass.exe as a non-protected process and disable > Shadow Stacks so that we can run the trace. Run the following commands in an > administrator-elevated PowerShell instance, then restart the machine. > Warning: This should not be done on a machine exposed to the Internet. > a. Set-ItemProperty -Path > "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "RunAsPPL" -Value 0 > b. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session > Manager\Kernel" /v "UserShadowStacksForceDisabled" /t REG_DWORD /d 1 /f > 3. When ready to repro the issue, run the following commands to create a > destination folder and begin the trace. Run the following commands in an > elevated PowerShell instance. > a. mkdir C:\Traces_$(Get-Date -format "dd-MMM-yyyy") > b. TTD -Attach ([int](Get-Process -NAME lsass | Format-Wide > -Property ID).formatEntryInfo.formatPropertyField.propertyValue) -out > C:\Traces_$(Get-Date -format "dd-MMM-yyyy")\lsass.run > c. When the small window pops up, the trace has begun and you > can now reproduce the issue. To end the trace, simply click “Tracing Off”. > 4. Once the trace operation is complete, we need to compress the .run > file created by TTD for easy transfer. Run the following command in an > elevated PowerShell instance. > a. Compress-Archive -Path C:\Traces_$(Get-Date -format > "dd-MMM-yyyy")\ -DestinationPath C:\Traces_$(Get-Date -format > "dd-MMM-yyyy").zip > b. Note: If this fails, you may need to restart the traced > process to unlock the trace for compression. Using the following command, > Lsass will restart automatically. > 1. stop-process -name lsass -force > 5. Now we must undo the security changes made prior to taking the trace. > Run the following commands in an elevated PowerShell instance, then restart > the machine. After reboot, you are safe to reconnect the computer to the > Internet. > a. Set-ItemProperty -Path > "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "RunAsPPL" -Value 1 > b. reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session > Manager\Kernel" /v "UserShadowStacksForceDisabled" /t REG_DWORD /d 0 /f > 6. Upload C:\Traces_dd-MMM-yyyy.zip to the secure file share link below > a. Link: > https://support.microsoft.com/files?workspace=eyJhbGciOiJSUzI1NiIsImtpZCI6IjJBNzk1QUQxMDNDQTM4OEZENEQzREQxQTZERkU4QTE2RDkyMkNDQkMiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiNTNlOWVjNDEtYmI5ZC00Y2UzLWJjMzMtM2ZmODkwMDZkOWRmIiwic3IiOiIyNTA5MTIwMDQwMDA4MTY0Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiZmUyNjdhMWQtOWE1Zi00MmIwLWI1MGYtNmUxY2JmOWYyZGIxIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3NTgxNTQ3NjAsImV4cCI6MTc2NTkzMDc2MCwiaWF0IjoxNzU4MTU0NzYwLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.Ad9E8Z3TJDY4k_yuZ7rp5xBlQaae1ZsyJkQTxuiCbSwo2AL7stTcqSqqCD7BSHMWSSSJHblzMtHfKJ6PGFUgHUJLsYGBQ8kPuo9aXJbNMoa2VqbfhQKrUZxxwL8UV1MsDG8PQ-WykR9SOK3a1UxbSFpRFBlbUv9Nx--Bvf-p7FrC2PjCujEp9KuN5UayfN8lIMEyQq2u9yyTXt30JbpGhGJz8ysVQA4tkWF--9TDDLyGaWWXSkNaTtTOwWKjM_UMlw_EpmrqNtpBuoMLr66UXR0iMJStnTLqy8cuHG6IeDyUo3VD7hxrTHjoO_qxmsQj7a9Z3VP2tGq1rWKVXCtc7w&wid=53e9ec41-bb9d-4ce3-bc33-3ff89006d9df > > Regards, > Kristian Smith > Support Escalation Engineer | Microsoft® Corporation > Email: [email protected] > > -----Original Message----- > From: Jennifer Sutton <[email protected]> > Sent: Sunday, September 21, 2025 4:29 PM > To: Kristian Smith <[email protected]> > Cc: Microsoft Support <[email protected]>; > [email protected] > Subject: Re: [EXTERNAL] [MS-KILE] PK‐INIT and > KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - > TrackingID#2508220040003919 > > Hi Kristian, > > I wondered if you could offer any pointers as to why Windows might be > refusing my requests? I would greatly appreciate any advice. > > Cheers, > Jennifer (she/her) > > On 12/09/25 2:03 pm, Jennifer Sutton wrote: >> Hi Kristian, >> >> Apologies for the delayed reply. I followed your advice and made sure >> that the SignedData digest algorithm was sha1NoSign, but the response >> I get from Windows is the error code KDC_ERR_GENERIC. I would >> appreciate any help as to why Windows is refusing my requests. >> >> Cheers, >> Jennifer (she/her) >> >> On 9/09/25 3:49 am, Kristian Smith wrote: >>> Hi Jennifer, >>> >>> I'm reaching out to see if you had any additional questions >>> regarding this error you received. You likely saw that Julien >>> provided some valuable information on August 28th. The following >>> document section discusses the inclusion of PAChecksum2 along with >>> the expected OID's discussed in my prior email. >>> >>> -------------------------------------------------------------------- >>> - >>> ----------------------- >>> MS-PKCA 2.2.3 PA-PK-AS-REQ >>> >>> PKAuthenticator in [RFC4556] is extended to add the following >>> PAChecksum2. If SHA-1 is disabled as a checksum algorithm >>> PAChecksum2 SHOULD be present; if this field is present, it will >>> always be validated even if it is SHA-1.<11> >>> -------------------------------------------------------------------- >>> - >>> ----------------------- <11> Section 2.2.3: The extension of >>> PKAuthenticator in PA-PK-AS-REQ applies to Windows Server 2022, 23H2 >>> operating system.and later versions. Windows Server 2022, >>> 23H2 and later DCs will send >>> back TD-CMS-DIGEST-ALGORITHMS-DATA as described in [RFC8636] section >>> 4, CMS Digest Algorithm Agility. >>> On supported versions of Windows, PAChecksum2 is validated if any >>> one of the following conditions is >>> true: >>> 1. The field is present >>> 2. If an EC algorithm is not allowed and the >>> signedAuthPack algorithm is not SHA-1 >>> 3. SHA-1 is disabled >>> -------------------------------------------------------------------- >>> - >>> ---------------------- >>> >>> Please let me know if you still have any blocking issues or concerns >>> with accuracy of the open specs. If I don't hear back from you by >>> Wednesday, I'll assume that you were able to resolve the issue and >>> I'll archive the case. >>> >>> Regards, >>> Kristian Smith >>> Support Escalation Engineer | Microsoft® Corporation >>> Email: [email protected] >>> >>> >>> -----Original Message----- >>> From: Kristian Smith >>> Sent: Sunday, August 31, 2025 7:15 AM >>> To: 'Jennifer Sutton' <[email protected]> >>> Cc: Microsoft Support <[email protected]>; 'cifs- >>> [email protected]' <[email protected]> >>> Subject: RE: [EXTERNAL] [MS-KILE] PK‐INIT and >>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - >>> TrackingID#2508220040003919 >>> >>> Hi Jennifer, >>> >>> I inspected the trace you sent. It appears that when Windows Server >>> 2025 receives the AS ticket, it's expecting one of the following >>> algorithm identifiers: >>> >>> sha512NoSign 2.16.840.1.101.3.4.2.3 sha384NoSign >>> 2.16.840.1.101.3.4.2.2 sha256NoSign 2.16.840.1.101.3.4.2.1 >>> sha1NoSign 1.3.14.3.2.26 >>> >>> but it received: >>> sha1RSA 1.2.840.113549.1.1.5 >>> >>> If you change the algorithm ID to 1.3.14.3.2.26, I believe it should >>> work. Please let me know if you have additional questions or concerns. >>> >>> Regards, >>> Kristian Smith >>> Support Escalation Engineer | Microsoft® Corporation >>> Email: [email protected] >>> >>> -----Original Message----- >>> From: Kristian Smith >>> Sent: Wednesday, August 27, 2025 3:45 PM >>> To: Jennifer Sutton <[email protected]> >>> Cc: Microsoft Support <[email protected]>; cifs- >>> [email protected] >>> Subject: RE: [EXTERNAL] [MS-KILE] PK‐INIT and >>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - >>> TrackingID#2508220040003919 >>> >>> Hi Jennifer, >>> >>> Thanks for uploading the trace. I wanted to let you know that I'll >>> be out of the office until the 2nd of September, so I'll inspect it >>> when I return. If this is an urgently blocking issue, or you have >>> other questions, please reach out to [email protected] during my >>> absence. >>> >>> Thanks for your patience. >>> >>> Regards, >>> Kristian Smith >>> Support Escalation Engineer | Microsoft® Corporation >>> Email: [email protected] >>> >>> -----Original Message----- >>> From: Jennifer Sutton <[email protected]> >>> Sent: Tuesday, August 26, 2025 7:31 PM >>> To: Kristian Smith <[email protected]> >>> Cc: Microsoft Support <[email protected]>; cifs- >>> [email protected] >>> Subject: Re: [EXTERNAL] [MS-KILE] PK‐INIT and >>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - >>> TrackingID#2508220040003919 >>> >>> Hi Kristian, >>> >>> I’ve captured traces and uploaded them to the secure file share. >>> >>> Cheers, >>> Jennifer (she/her) >>> >>> On 27/08/25 5:17 am, Kristian Smith wrote: >>>> Hi Jennifer, >>>> >>>> Thanks for giving that a try. Here are the instructions for >>>> gathering and uploading an Lsass trace: >>>> >>>> Lsass Tracing >>>> 1. Download and run the TTD.appinstaller from our website using >>>> the following link. Note: An End-User License Agreement (EULA) will >>>> appear in a command window that you will need to approve. >>>> a. Link: >>>> https://ak/ >>>> a.ms%2Fttd%2Fdownload&data=05%7C02%7Ckristian.smith%40microsoft.com >>>> % >>>> 7C75c6dd9a928749d6adae08ddf966b3a6%7C72f988bf86f141af91ab2d7cd011db >>>> 4 >>>> 7%7C1%7C0%7C638940941880760954%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1h >>>> c >>>> GkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldU >>>> I >>>> joyfQ%3D%3D%7C0%7C%7C%7C&sdata=1VcSu%2BS4kukydhanT08IBbJ1BVz8ejvik8y >>>> VDA4C%2BlY%3D&reserved=0 2. We need to run lsass.exe as a >>>> non-protected process and disable Shadow Stacks so that we can run >>>> the trace. Run the following commands in an administrator-elevated >>>> PowerShell instance, then restart the machine. Warning: This should >>>> not be done on a machine exposed to the Internet. >>>> a. Set-ItemProperty -Path "HKLM: >>>> \SYSTEM\CurrentControlSet\Control\Lsa" -Name "RunAsPPL" -Value 0 >>>> b. reg add >>>> "HKLM\SYSTEM\CurrentControlSet\Control\Session >>>> Manager\Kernel" /v "UserShadowStacksForceDisabled" /t REG_DWORD /d 1 >>>> /f 3. When ready to repro the issue, run the following commands >>>> to create a destination folder and begin the trace. Run the >>>> following commands in an elevated PowerShell instance. >>>> a. mkdir C:\Traces_$(Get-Date -format "dd-MMM-yyyy") >>>> b. TTD -Attach ([int](Get-Process -NAME lsass | Format- >>>> Wide -Property >>>> ID).formatEntryInfo.formatPropertyField.propertyValue) >>>> -out C:\Traces_$(Get-Date -format "dd-MMM-yyyy")\lsass.run >>>> c. When the small window pops up, the trace has begun >>>> and you can now reproduce the issue. To end the trace, simply click >>>> “Tracing Off”. >>>> 4. Once the trace operation is complete, we need to compress the >>>> .run file created by TTD for easy transfer. Run the following >>>> command in an elevated PowerShell instance. >>>> a. Compress-Archive -Path C:\Traces_$(Get-Date -format >>>> "dd-MMM-yyyy")\ -DestinationPath C:\Traces_$(Get-Date -format "dd- >>>> MMM-yyyy").zip >>>> b. Note: If this fails, you may need to restart the >>>> traced process to unlock the trace for compression. Using the >>>> following command, Lsass will restart automatically. >>>> 1. stop-process -name lsass -force 5. Now we >>>> must undo the security changes made prior to taking the trace. Run >>>> the following commands in an elevated PowerShell instance, then >>>> restart the machine. After reboot, you are safe to reconnect the >>>> computer to the Internet. >>>> a. Set-ItemProperty -Path "HKLM: >>>> \SYSTEM\CurrentControlSet\Control\Lsa" -Name "RunAsPPL" -Value 1 >>>> b. reg add >>>> "HKLM\SYSTEM\CurrentControlSet\Control\Session >>>> Manager\Kernel" /v "UserShadowStacksForceDisabled" /t REG_DWORD /d 0 >>>> /f 6. Upload C:\Traces_dd-MMM-yyyy.zip to the secure file share >>>> link below >>>> a. Link: https://support.microsoft.com/files? >>>> workspace=eyJhbGciOiJSUzI1NiIsImtpZCI6IjUwNjQwRTE0NEREODg5MzE5NzYzR >>>> T >>>> BFNjM5RjMzNjdFQUNDNzlBRDAiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiOGQ5OTI3ZG >>>> U >>>> tNGJhYi00ZGEzLWI0NDgtNWNlNjUyZTdkMGNkIiwic3IiOiIyNTA4MjIwMDQwMDAzOT >>>> E >>>> 5Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiZjc0NmQyNWQtZmY3MS >>>> 0 >>>> 0MjU1LWEyMmUtY2Y4MmE4Y2RmNDJiIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNW >>>> U >>>> tYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3NTYyMjgxMzUsImV4cCI6MTc2NDAwND >>>> E >>>> zNCwiaWF0IjoxNzU2MjI4MTM1LCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubW >>>> l >>>> jcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.A3gXawCQqeLZ7evd_LpSmke >>>> x >>>> JY53FfxDjTlKHYk8A7Kan-vQwCGg6UA4KWFXqFx_QNMrX3JtdLVmboAFp_dZiGJ0l0Y >>>> h >>>> VPYGqqyg4Ojb1l115bmPeF0DUaUoHabHnseTMi2opBWtKMsFg4VhLRbuo0aAi0gAP8a >>>> T >>>> 6Rf8XO8KY54B1j5cKuFj98o32y9YGvB9EUUxW3F7JYNWtWtDNoFD_GCg83k41lNqX_2 >>>> 3 >>>> XtmpV_nec74qPa4zZWxxkvnt0j0B9sqX4ImqAIahaN_T8m68LIjijR8i_c4Oc5hcUVf >>>> 7 >>>> WVpkiGrzGHy7nMxoW0ZGIPrjPrsbAiRFZvyMjan2GXUwVQ&wid=8d9927de-4bab-4d >>>> a >>>> 3-b448-5ce652e7d0cd >>>> >>>> Please let me know if you have any questions or issues with the >>>> process outlined above. Thanks for your time. >>>> >>>> Regards, >>>> Kristian Smith >>>> Support Escalation Engineer | Microsoft® Corporation >>>> Email: [email protected] >>>> >>>> -----Original Message----- >>>> From: Jennifer Sutton <[email protected]> >>>> Sent: Sunday, August 24, 2025 4:34 PM >>>> To: Kristian Smith <[email protected]> >>>> Cc: Microsoft Support <[email protected]>; >>>> [email protected] >>>> Subject: Re: [EXTERNAL] [MS-KILE] PK‐INIT and >>>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - >>>> TrackingID#2508220040003919 >>>> >>>> Hi Kristian, >>>> >>>> I enabled the two group policies and set all of the algorithms to >>>> ‘supported’, but I still get the same >>>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED error code. >>>> >>>> Cheers, >>>> Jennifer (she/her) >>>> >>>> On 23/08/25 4:44 am, Kristian Smith wrote: >>>>> [Jeff to Bcc] >>>>> >>>>> Hi Jennifer, >>>>> >>>>> From the code, the most likely reason you’re seeing this error >>>>> is because Server 2025 is rejecting the chosen hashing algorithm. >>>>> Please visit the following link to see the security baseline >>>>> updates for Server >>>>> 2025: >>>>> >>>>> Windows Server 2025, security baseline | Microsoft Community Hub >>>>> <https://te/ >>>>> c%2F&data=05%7C02%7Ckristian.smith%40microsoft.com%7C8c5bb4bbfce04 >>>>> 7 >>>>> 79 >>>>> 6e7a08dde511cb6a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6389 >>>>> 1 >>>>> 85 >>>>> 86803864335%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOi >>>>> I >>>>> wL >>>>> jAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C >>>>> % >>>>> 7C >>>>> %7C&sdata=XOwQuM8Ii8dKdKAbmB2OH%2BUogzTPXd9a1Ay2R57WZHI%3D&reserve >>>>> d >>>>> =0 >>>>> hcommunity.microsoft.com%2Fblog%2Fmicrosoft-security-baselines%2F& >>>>> d >>>>> at >>>>> a >>>>> =05%7C02%7Ckristian.smith%40microsoft.com%7Cdffe00b00b7d45ba347d08 >>>>> d >>>>> de >>>>> 3 >>>>> 66c665%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63891675276512 >>>>> 3 >>>>> 65 >>>>> 1 >>>>> %7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwM >>>>> C >>>>> Is >>>>> I >>>>> lAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata >>>>> = >>>>> Jt >>>>> 7 >>>>> TY3EL6hF%2FAiChKPpfLu27s1HQBLSCoFxay8of5HE%3D&reserved=0 >>>>> windows-server-2025-security-baseline/4358733> >>>>> >>>>> If you scroll down to “Configure hash algorithms for certificate >>>>> logon”, you’ll see what I think is applicable to this scenario. >>>>> There are 2 group policies that may help in testing: >>>>> >>>>> Computer Configuration->Administrative >>>>> Templates->System->KDC->Configure hash algorithms for certificate >>>>> logon >>>>> >>>>> Computer Configuration->Administrative >>>>> Templates->System->Kerberos- >>>>>> Configure hash algorithms for certificate logon >>>>> >>>>> These should allow you to explicitly allow certain hashing algorithms. >>>>> If this does not work, let me know and I’ll send the instructions >>>>> to gather an LSASS trace to look a bit deeper into your scenario. >>>>> >>>>> *Regards,* >>>>> >>>>> *Kristian Smith* >>>>> >>>>> Support Escalation Engineer | Microsoft® Corporation >>>>> >>>>> *Email*: [email protected] >>>>> <mailto:[email protected]> >>>>> >>>>> *From:*Jeff McCashland (He/him) <[email protected]> >>>>> *Sent:* Friday, August 22, 2025 6:43 AM >>>>> *To:* Jennifer Sutton <[email protected]>; >>>>> [email protected] >>>>> *Cc:* Microsoft Support <[email protected]> >>>>> *Subject:* Re: [EXTERNAL] [MS-KILE] PK‐INIT and >>>>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - >>>>> TrackingID#2508220040003919 >>>>> >>>>> Hi Jennifer, >>>>> >>>>> Thank you for your question. We have created SR 2508220040003919 >>>>> to track this issue. One of our engineers will respond soon to assist. >>>>> >>>>> Best regards,* >>>>> /Jeff M/**/^c /**/Cashland (He/him) /**| Senior Escalation >>>>> Engineer >>>>> | Microsoft Corporation* >>>>> >>>>> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: >>>>> (UTC-08:00) Pacific Time (US and Canada) >>>>> >>>>> Local country phone number found here: >>>>> _http://sup/ >>>>> p%2F&data=05%7C02%7Ckristian.smith%40microsoft.com%7C8c5bb4bbfce04 >>>>> 7 >>>>> 79 >>>>> 6e7a08dde511cb6a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6389 >>>>> 1 >>>>> 85 >>>>> 86803871849%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOi >>>>> I >>>>> wL >>>>> jAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C >>>>> % >>>>> 7C >>>>> %7C&sdata=czHvPWTX%2BNPTRPbUWUhJafF%2FipmfgZH3BkIQj1U0CAU%3D&reser >>>>> v >>>>> ed >>>>> =0 >>>>> ort.microsoft.com%2F&data=05%7C02%7Ckristian.smith%40microsoft.com >>>>> % >>>>> 7C >>>>> d >>>>> ffe00b00b7d45ba347d08dde366c665%7C72f988bf86f141af91ab2d7cd011db47 >>>>> % >>>>> 7C >>>>> 1 >>>>> %7C0%7C638916752765137051%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGki >>>>> O >>>>> nR >>>>> y >>>>> dWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ >>>>> % >>>>> 3D >>>>> % >>>>> 3D%7C0%7C%7C%7C&sdata=FK7r2TWrlUzjdeiPQ4rDZDAh4CPDSOCJtsl6Z28Hvrk% >>>>> 3 >>>>> D& >>>>> r >>>>> eserved=0 globalenglish >>>>> <http://sup/ >>>>> p%2F&data=05%7C02%7Ckristian.smith%40microsoft.com%7C8c5bb4bbfce04 >>>>> 7 >>>>> 79 >>>>> 6e7a08dde511cb6a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6389 >>>>> 1 >>>>> 85 >>>>> 86803879285%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOi >>>>> I >>>>> wL >>>>> jAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C >>>>> % >>>>> 7C >>>>> %7C&sdata=NYTsg5I7H%2BjZlAS6cXLBLrAwRSFQVcj3osz6Loc1yY4%3D&reserve >>>>> d >>>>> =0 >>>>> ort.microsoft.com%2Fglobalenglish&data=05%7C02%7Ckristian.smith%40 >>>>> m >>>>> ic >>>>> r >>>>> osoft.com%7Cdffe00b00b7d45ba347d08dde366c665%7C72f988bf86f141af91a >>>>> b >>>>> 2d >>>>> 7 >>>>> cd011db47%7C1%7C0%7C638916752765146291%7CUnknown%7CTWFpbGZsb3d8eyJ >>>>> F >>>>> bX >>>>> B >>>>> 0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpb >>>>> C >>>>> Is >>>>> I >>>>> ldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Y2BYZ16uGk6ZzUpN4oiZnIEx9n4vgrM >>>>> Z >>>>> ml >>>>> 6 >>>>> B26IALaM%3D&reserved=0>_ | Extension >>>>> 1138300 >>>>> >>>>> ------------------------------------------------------------------ >>>>> - >>>>> -- >>>>> - >>>>> -- >>>>> >>>>> *From:* Jennifer Sutton <[email protected] >>>>> <mailto:[email protected]>> >>>>> *Sent:* Thursday, August 21, 2025 10:10 PM >>>>> *To:* [email protected] <mailto:cifs- >>>>> [email protected]> <[email protected] >>>>> <mailto:cifs- [email protected]>>; Interoperability >>>>> Documentation Help <[email protected] >>>>> <mailto:[email protected]>> >>>>> *Subject:* [EXTERNAL] [MS-KILE] PK‐INIT and >>>>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED >>>>> >>>>> Hi dochelp, >>>>> >>>>> I’m performing tests against Windows Server 2025 and finding that >>>>> PK‐INIT requests always receive the response >>>>> KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED. The same requests made >>>>> to Windows Server 2019 succeed. Could you help me find out why I’m >>>>> getting this error? >>>>> >>>>> Cheers, >>>>> Jennifer (she/her) >>>>> >>>> >>> >> > _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
