Invalid Credential Error when Logging into Console After Upgrade to Data Insight 6.4

Problem

After upgrading to Data Insight 6.4, an error regarding Invalid Credentials is reported in the Data Insight (DI) Console.

Error Message

ADCLI.LOG

YYYY-MM-DD HH:MM:SS ERROR: V-378-1305-35: #{9420} client_ctxt: InitializeSecurityContext failed with value[80090342][The encryption type requested is not supported by the KDC.].
YYYY-MM-DD HH:MM:SS INFO: V-378-1305-47: #{9420} User Credentials for[User1] are NOT valid for Negotiate authentication.
YYYY-MM-DD HH:MM:SS INFO: V-378-1304-155: #{9420} [wmain: 911] Adcli authenticate mode exiting with error code[1].

Cause

The Data Insight user doe not have the proper Kerberos encryption settings enabled

OR

The Kerberos Key Distribution Service needs to be restarted on the Active Directory Server

To confirm the proper solution for the environment, check the following:

On the local machine, open the Local Security Policy Management Console and navigate to Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options 

Locate the entry for Network security: Configure encryption types allowed for Kerberos and check if it is set to AES128_HMAC_SH1, AES256_HMAC_SHA1, Future encryption types

If that is the setting, follow Solution 1 below

If that is not the setting, follow Solution 2 below

Solution

Solution 1:

1. Enable AES Encryption for the Data Insight user account
   1. Open Active Directory Users and Computers on the Active Directory server
   2. Browse to the Data Insight user account, right-click and select Properties
   3. Select the Account tab
   4. Under Account Options, select both boxes for the following:
      1. This account supports Kerberos AES 128 bit encryption
      2. This account supports Kerberos AES 256 bit encryption
   5. Select Apply, followed by OK
   6. Restart the DataInsightWeb Service

Solution 2:

1. Restart the Kerberos Key Distribution Service on the Active Directory Server