Azure Files Storage Account Kerberos Failures after Active Directory November 8 Kerberos Update - RC4-HMAC encryption

[desmphil]

Azure Files Storage Account Kerberos Failures after Active Directory November 8 Kerberos Update - RC4-HMAC encryption

KB5021131: How to manage the Kerberos protocol changes related to CVE-2022-37966

Im trying to change the Storage Account Encryption to 256, it worked for a lot of storage account but not all of them.

These Azure Files Storage Active Directory integrated where created more than 2Years ago at release.

PS C:\windows\system32> Update-AzStorageAccountAuthForAES256 -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName

Get-AzStorageAccountADObject : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADComputer'
required by parameter 'Identity'. Specified method is not supported.
At C:\LOGS\AzFilesHybrid.psm1:3767 char:33

•     $azureStorageIdentity = Get-AzStorageAccountADObject `
  

•                             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidArgument: (:) [Get-AzStorageAccountADObject], ParameterBindingException
  • FullyQualifiedErrorId : CannotConvertArgument,Get-AzStorageAccountADObject

You cannot call a method on a null-valued expression.
At C:\LOGS\AzFilesHybrid.psm1:3772 char:9

•     $samAccountName = $azureStorageIdentity.SamAccountName.TrimEn ...
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [], RuntimeException
  • FullyQualifiedErrorId : InvokeMethodOnNull

Set-StorageAccountDomainProperties : AD object epqsystemdata is of unsupported object class .
At C:\LOGS\AzFilesHybrid.psm1:4321 char:13

•         Set-StorageAccountDomainProperties `
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-StorageAccountDomainProperties