APM Active Directory Change Password
Hi,
I have an APM 11.6.0 policy configured to authenticate against Active Directory (working fine) using a 2012 R2 domain controller. I try to enable the password_change checkbox in the logon page settings (works fine, box shows up, can enter credentials and password to change) but the password change fails.
I did a packet capture and it looks like Kerberos is failing with this error:
KRB_ERROR_RESPONSE_TOO_BIG
I have Kerberos pre-auth set to AES256. Looks like kerberos is using UDP. I tried creating a new user for kerberos to authenticate that was only apart of Domain Admins (there was an article here)
I had set this up previously in a different lab on 11.5.x and it was working fine (think that was a 2012 non R2 domain controller however)
Any help appreciated! If it makes any difference, it is an AWS F5 AMI.