Hello everyone we get this event in the DC
The Netlogon service has created a secure channel with a client with RC4.
Account name: VC$
Domain: hello.local
Account Type: Domain Member
Customer IP Address:
Negotiated Flags: 6007ffff
For more information about why this was registered, visit https://go.microsoft.com/fwlink/?linkid=2209514.
If you encounter Event 5840, this is a sign that a client in your domain is using weak cryptography or RC4.
I have seen in the configuration file /etc/krb5.conf in the vcenter this comes up
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
I have looked at the kerberos ticket in the vcenter and I get Aes256 encryption and not RC4.
Ticket cache: FILE:/tmp/krb5cc_0
Default main: user@hola.local
Valid starting Expires Service principal
01/27/2025 12:00 01/28/2025 12:00 krbtgt/hola.local @hola.local
Etype (encryption type): aes256-cts-hmac-sha1-96
I understand that I don't have to do anything since the vcenter account is already encrypting in AES256 and not RC4.
Or do I have to do something else?
Thanks in advance