I have configured “Network security: Configure encryption types allowed for Kerberos” and selected RC4 along with both AES options however RC4 does not get enabled unless I uncheck every other option apart from RC4. I’m testing this by using a Windows XP client however this obviously affects many other applications that also only support RC4 encryption, including a lot of Linux clients.
I assume what’s going on is Windows is attempting to authenticate using a higher encryption type than what the requesting client support aka even though the server has RC4 enabled, it doesn’t use it unless it’s the only enabled encryption type. It works in Windows Server 2016 however something in 2019 is preventing the correct encryption type from being negotiated.
I’ve tried setting the registry key Kerberos/Parameters/DefaultEncryptionType to RC4 but it doesn’t help.