Okta ASA AD Joined Unable to Passwordless RDP with Error Message "The encryption type requested is not supported by the KDC"
Okta Classic Engine
Okta Identity Engine
Advanced Server Access
Overview

Okta Advanced Server Access (ASA) Passwordless Remote Desktop Protocol (RDP) fails with the following error:

The encryption type requested is not supported by the KDC.

RDP through ASA AD-Joined still works when a password is used.

Applies To
  • Okta Advanced Server Access (ASA) Active Directory (AD) Joined 
  • Passwordless Remote Desktop Protocol (RDP)
  • Group Policy Object (GPO)
Cause

This can happen when the GPO setting Computer configuration > Policies > Windows Settings > Security Settings > Local Policies/Security Options > Network security: configure encryption types allowed for Kerberos is set to something other than Not Defined and the needed encryption types are not selected.

A defined Local setting also takes effect over a global GPO that is set to Not Defined.

Solution

Make sure the Network security: configure encryption types allowed for Kerberos setting is Not Defined in both the local and the global GPO.

OR

Configure both with the same settings, with AES128, AES256, and future encryption types enabled.
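
One way to check which of the two states above is in effect on a Windows machine, as an added example that is not part of the Okta article. The registry location and bit values are the ones Windows uses for this policy and are not taken from the page; the function and property names are hypothetical.

```powershell
# Added example, not from the Okta article.
# Policy registry location and bit values are Windows', not taken from the page.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Bit flags stored in the SupportedEncryptionTypes DWORD.
$EncTypes = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_HMAC_SHA1'        = 0x8
    'AES256_HMAC_SHA1'        = 0x10
    'Future encryption types' = 0x7FFFFFE0
}
# The three options the article's second solution asks for.
$Required = 'AES128_HMAC_SHA1', 'AES256_HMAC_SHA1', 'Future encryption types'

function Get-KerberosEncTypePolicy {
    param([string]$Path = $PolicyKey)

    $prop = Get-ItemProperty -Path $Path -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Key or value absent: the policy is Not Defined on this machine.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; State = 'Not Defined'; Raw = $null
            Enabled = @(); Missing = @(); MatchesArticle = $true
        }
    }

    # Normalise the DWORD to a non-negative number before testing bits.
    $raw = [int64]$prop.SupportedEncryptionTypes -band 0xFFFFFFFFL
    $enabled = @($EncTypes.GetEnumerator() |
        Where-Object { ($raw -band $_.Value) -eq $_.Value } |
        ForEach-Object { $_.Key })
    $missing = @($Required | Where-Object { $_ -notin $enabled })

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; State = 'Defined'; Raw = '0x{0:X8}' -f $raw
        Enabled = $enabled; Missing = $missing; MatchesArticle = ($missing.Count -eq 0)
    }
}

Get-KerberosEncTypePolicy | Format-List
```

A result of `Defined` with entries under `Missing` corresponds to the cause described above. The value shown is the one in effect on that computer; `gpresult /h report.html` shows which policy object supplied it.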
