The message "Server response: The encryption type requested is not supported by the KDC" occurs after trying to connect to a SAS® server with Kerberos


When you are using Integrated Windows Authentication to authenticate, the following error might be generated:

Server response: The encryption type requested is not supported by the KDC.

The error appears when the object that is running the service does not support the encryption type supported for the SAS server.

For example, the screenshot below indicates that the account sas_spawner_svc supports the encryption settings The account supports Kerberos AES 128 bit encryption and The account supports Kerberos AES 256 bit encryption.

 

Properties

 

For more detail about this issue, see Windows Configurations for Kerberos Supported Encryption Type.

Resolution

On the SAS server, check which types of encryption are enabled.

  1. On the server, start the Local Security Policy Editor (secpol.msc).
  2. Expand Security Settings ► Local Policies ► Security Options.
  3. Locate Network Security: Configure encryption types allowed for Kerberos.
  4. Select Properties. This policy setting allows you to set the encryption types that Kerberos is allowed to use.

Now verify within Microsoft Active Directory which encryption settings are set for the computer or user running the SAS service. Ensure that the object accepts the set encryption type for the server.