VMware vSphere

  • 1.  Remove RC4 Encryption Cipher from vCenter Appliances

    Posted Dec 12, 2023 07:41 PM

    How do I eliminate the warning about the RC4 cipher being used by the VCSA in my domain controllers' System log?

    As described in the Q&A in KB92568:

    1.  Make a backup copy of /etc/krb5.conf
    2.  Edit /etc/krb5.conf, removing the keyword "RC4-HMAC" from the lines configuring default_tgs_enctypes, default_tkt_enctypes, and preferred_enctypes.
    For example:
        [libdefaults]
          default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
          default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
          preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
    3.  Restart vCenter.

    But after doing the above, I continue to get the same event warning in the System log on the domain controllers:

    Log Name:      System
    Source:        NETLOGON
    Date:          12/12/2023 12:12:23 AM
    Event ID:      5840
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      DC003.corp.com
    Description:
    The Netlogon service created a secure channel with a client with RC4.
     Account Name: SVCENTER$
     Domain: corp.com.
     Account Type: Domain Member
     Client IP Address:
     Negotiated Flags: 6007ffff
    For more information about why this was logged, please visit  https://go.microsoft.com/fwlink/?linkid=2209514.

    So I wonder: does the msDS-SupportedEncryptionTypes computer object attribute need to be defined? Shown next is the Active Directory Users and Computers property page for the SVCENTER computer object:

    msDS-SupportedEncryptionTypes

    These links are references I've already reviewed:


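    The KB92568 edit described in the question, scripted as an added example (this is not the poster's code nor VMware's, and the sample krb5.conf it writes is constructed from the stanza quoted above). It backs up the file, strips RC4-HMAC (and the arcfour-hmac spelling) only from the three enctype lines, and then checks whether any RC4 type survives before you bother with step 3, the vCenter restart. It assumes GNU sed and grep, which the Photon OS based VCSA provides, and would be pointed at /etc/krb5.conf as root in real use.

```shell
#!/bin/bash
# Added example, not from the original post or from VMware/KB92568.
# Steps 1-2 of the KB procedure (backup, then remove RC4-HMAC from the three
# enctype lines of a krb5.conf) plus a verification check for step 3.
# Assumes GNU sed/grep (present on the Photon OS based VCSA).
set -eu

ENCTYPE_KEYS='default_tgs_enctypes|default_tkt_enctypes|preferred_enctypes'

# strip_rc4_from_krb5conf <file>: take a timestamped backup, then delete the
# RC4 keyword (RC4-HMAC / ARCFOUR-HMAC[-MD5], any case) from the enctype lines
# only, so realm and other settings in the file are left untouched.
strip_rc4_from_krb5conf() {
    local conf="$1"
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"
    sed -i -E "/^[[:space:]]*(${ENCTYPE_KEYS})[[:space:]]*=/ s/[[:space:]]*(RC4-HMAC|ARCFOUR-HMAC(-MD5)?)\b//gI" "$conf"
}

# krb5_enctypes_mention_rc4 <file>: true (exit 0) if any of the three enctype
# lines still lists an RC4 type, i.e. restarting vCenter would change nothing.
krb5_enctypes_mention_rc4() {
    grep -Eiq "^[[:space:]]*(${ENCTYPE_KEYS})[[:space:]]*=.*(rc4|arcfour)" "$1"
}

# write_sample_krb5conf: constructed sample mirroring the KB92568 stanza quoted
# in the question, written to a temp file; prints the path.
write_sample_krb5conf() {
    local tmp
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
[libdefaults]
  default_realm = CORP.COM
  default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
  default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
  preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
EOF
    printf '%s\n' "$tmp"
}

# Stand-alone demo on the constructed sample: show before/after and decide
# whether step 3 (restart vCenter) is worth doing yet.
main() {
    local f
    f=$(write_sample_krb5conf)
    echo "--- before"; cat "$f"
    strip_rc4_from_krb5conf "$f"
    echo "--- after";  cat "$f"
    if krb5_enctypes_mention_rc4 "$f"; then
        echo "RC4 still configured in an enctype line; fix that before restarting vCenter" >&2
        exit 1
    fi
    echo "RC4 removed from the enctype lines; restart vCenter (step 3) and re-check the DC System log"
}
main "$@"
```

    Note that this only affects the Kerberos enctypes the appliance requests; the Netlogon 5840 event quoted above is about the machine account's secure channel, which this file does not govern, so the check here tells you the KB step was applied, not that the event will stop.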

  • 2.  RE: Remove RC4 Encryption Cipher from vCenter Appliances
    Best Answer

    Posted Jan 02, 2024 03:27 PM

    I opened a case with VMware technical support to resolve this matter.

    Removal of the RC4 cipher per KB92568 was insufficient. In addition, in our situation the vCenters had previously enabled the Identity Provider > Active Directory Domain option. (This is no longer recommended and is a hold-over from prior versions of vCenter when hosted on a Windows computer instead of the newer appliance-based Photon OS vCenter.)

    The solution is to leave AD. But when using the vCenter web GUI (Administration > Single Sign-On > Configuration > Active Directory Domain section; note the vCenter objects listed, select svcenter > Leave AD), this gave the error "Idm client exception: Error trying to leave AD, error code [41887], user [admin@CORP.COM]".

    I did a Google search and found a known problem for vCenter 6.7, https://kb.vmware.com/s/article/50112055, which directed me to use the CLI. I subsequently confirmed that this also applies to vCenter 7.0.

    login as: root
    Pre-authentication banner message from server:
    |
    | VMware vCenter Server 7.0.3.01700
    |
    | Type: vCenter Server with an embedded Platform Services Controller
    |
    End of banner message from server
    Keyboard-interactive authentication prompts from server:
    | Password:
    End of keyboard-interactive prompts from server
    root@svcenter [ ~ ]# /opt/likewise/bin/domainjoin-cli leave
    Leaving AD Domain:   CORP.COM
    SUCCESS
    root@svcenter [ ~ ]#

    I disabled the AD computer objects for the vCenter servers, and then after a few days deleted the computer objects from AD entirely.
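    Before and after leaving AD as in the answer above, a practitioner wants to know which machine accounts the DCs still report in event 5840 and what the "Negotiated Flags" value actually says. The following is an added example, not code from the thread, VMware or Microsoft: it reads exported 5840 event text (for instance the text output of wevtutil from a DC, copied to a Linux box) on stdin, lists one line per event, and decodes the few Netlogon negotiate-flag bits that matter here. The bit values are as given in MS-NRPC 3.1.4.2 and Samba's netlogon.idl; treat them as an assumption to verify against the spec you work from. The sample events are constructed: the first is the one quoted in the question, the second is a hypothetical NAS01$ account.

```shell
#!/bin/bash
# Added example, not from the original thread or from VMware/Microsoft.
# Triage helper for Netlogon event 5840 ("created a secure channel with a
# client with RC4"): list the accounts involved and decode the negotiated
# flags. Bit values below are taken from MS-NRPC 3.1.4.2 / Samba netlogon.idl
# (assumption: verify against the spec you use).
set -eu

NEG_RC4=0x00000004         # NETLOGON_NEG_ARCFOUR: RC4 secure-channel crypto
NEG_STRONG_KEYS=0x00004000 # NETLOGON_NEG_STRONG_KEYS: 128-bit session key
NEG_AES=0x01000000         # NETLOGON_NEG_SUPPORTS_AES: AES secure channel
NEG_AUTH_RPC=0x40000000    # NETLOGON_NEG_AUTHENTICATED_RPC: signed/sealed RPC

# decode_negotiated_flags <hex>: prints "rc4=.. strongkeys=.. aes=.. authrpc=.."
decode_negotiated_flags() {
    local hex=${1#0x}
    local f=$(( 0x$hex ))
    local out="" pair name bit
    for pair in "rc4:$NEG_RC4" "strongkeys:$NEG_STRONG_KEYS" "aes:$NEG_AES" "authrpc:$NEG_AUTH_RPC"; do
        name=${pair%%:*}; bit=${pair#*:}
        if (( f & bit )); then out="$out $name=yes"; else out="$out $name=no"; fi
    done
    printf '%s\n' "${out# }"
}

# netlogon_5840_report: reads event text on stdin, prints "<account> <flags> <decoded>"
# per event. It relies only on the "Account Name:" and "Negotiated Flags:" lines
# appearing in that order inside each event's description.
netlogon_5840_report() {
    awk '
        /Account Name:/     { sub(/.*Account Name:[ \t]*/, ""); gsub(/[ \t\r]+$/, ""); acct = $0 }
        /Negotiated Flags:/ { sub(/.*Negotiated Flags:[ \t]*/, ""); gsub(/[ \t\r]+$/, ""); print acct, $0; acct = "" }
    ' | while read -r acct flags; do
        printf '%s %s %s\n' "$acct" "$flags" "$(decode_negotiated_flags "$flags")"
    done
}

# Constructed sample: the event from the question plus a hypothetical NAS01$
# account (not from any real log).
SAMPLE_EVENTS=$(cat <<'EOF'
Log Name:      System
Source:        NETLOGON
Event ID:      5840
Level:         Warning
Computer:      DC003.corp.com
Description:
The Netlogon service created a secure channel with a client with RC4.
 Account Name: SVCENTER$
 Domain: corp.com.
 Account Type: Domain Member
 Client IP Address:
 Negotiated Flags: 6007ffff
Log Name:      System
Source:        NETLOGON
Event ID:      5840
Level:         Warning
Computer:      DC003.corp.com
Description:
The Netlogon service created a secure channel with a client with RC4.
 Account Name: NAS01$
 Domain: corp.com.
 Account Type: Domain Member
 Client IP Address: 10.0.0.21
 Negotiated Flags: 6007ffff
EOF
)

main() {
    echo "Accounts still building RC4 secure channels (sample events):"
    printf '%s\n' "$SAMPLE_EVENTS" | netlogon_5840_report
    echo "For contrast, a hypothetical AES-capable negotiation value (not from any log):"
    echo "612fffff $(decode_negotiated_flags 612fffff)"
}
main "$@"
```

    For the quoted event the decoder reports rc4=yes and aes=no: the appliance's Likewise agent never offered the AES bit on its machine-account channel, which is why editing krb5.conf (a Kerberos setting) did not silence a Netlogon event, and why leaving the domain, so that no machine account channel is built at all, does. After the leave, re-run the report on a fresh export and confirm SVCENTER$ no longer appears.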