We have application which was using by Customer and customer like to update authentication from our application to AD from NTLM to Kerberos. Based on this article, it may have to be done by early 2022.
In the document below, it is listing the different levels that are required, and Microsoft is stating that RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher is required shortly. Right now the error we are having on their DC's from Our application authentications is that the user in our AD scope under passive ID for monitoring is attempting to connect to our domain at too low of a security level.
https://docs.microsoft.com/en-us/windows/win32/rpc/authentication-level-constants
In our application Admin Web UI we are geeing the issue: The connection was tested on '' PassiveID active node. Connection to 'ws2022-a.lab2022.local' failed. Access is denied. Please check credentials, permissions and configure the Windows machine for WMI access.
In AD event viewer > Administrative Events: 10036 Errors. which says that
"The server-side authentication level policy does not allow the user LAB2022\dev-admin SID (S-1-5-21-4164125427-177154609-51000486-1108) from address to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application".
Can anyone help me how we can fix the issue from application side since MS workaround was not working(disabling the registry key in DC)? we found some possible solution from sourceforge forum site discussion (https://sourceforge.net/p/j-interop/discussion/600729/thread/731d99133f/) that need to fix the issue in third party library j-interop-ng and tried the solution to set the sign and seal flags in JIComserver.java before init() block but not worked as expected.
We are using j-interop-ng-3.0.jar in our application and need some quick solution to fix the issue further to work the WMI provider.
