Help System

Using the Help Search
Using the Help Search
  • Phrase:Returns all topics that contain the exact phrase in the search criteria. Use quotation marks around the phrase.
    Ex."system administration"
  • And:Returns all topics that contain all the words in the search criteria, in any combination. Insert a plus sign between all words in the search criteria.
    Ex.system + administration
  • Or:Returns all topics with any combination of words in the search criteria. This is the default.
    Ex.system administration
For more information:Searching Online Help

The encryption type requested is not supported by the KDC

Cobra Web Service with Windows authentication requires encryption algorithms. If the service account that you created for the Cobra Web Service is not properly configured to support these algorithms, the Cobra Web Service log displays an error.

The error is: "System.ComponentModel.Win32Exception: The encryption type requested is not supported by the KDC."

To view the debug log and determine the error:
  1. Navigate to the following folder of the machine where the Cobra Web Service is configured and deployed: <Dedicated Windows Account>\Documents\Deltek\Cobra\Log.
    Note: Basically, this is the machine where Cobra is installed. If you are using concurrency, this is the Cobra Concurrency machine.
  2. Locate the following file and open it using a text editor (such as Notepad) and look for the error message.
    • WebServiceDebugLog_<port>.xml
      Note: <port> is the port in the Cobra Web Service URL.
    • WebServiceGatewayDebugLog.xml file (if you are using concurrency)
  3. Refer to the following table for the error message and its solution.
    Error Message System.ComponentModel.Win32Exception: The encryption type requested is not supported by the KDC.
    Description The error is usually encountered if you are using Cobra Web Service with Windows authentication and the service account you created is not properly configured to support encryption algorithms.
    Solution Details
    Enable the AES encryption for the service account.

    To enable AES encryption:

    1. Open Active Directory Users and Computers.

    2. In the Group Policy Management Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.

    3. Right-click Network security: Configure encryption types allowed for Kerberos and click Properties.

    4. Click the Account tab.

    5. Under Account options, select one or both of the following:
    • This account supports Kerberos AES 128 bit encryption.
    • This account supports Kerberos AES 256 bit encryption.

    6. Click OK.

    Configure the network security using the Group Policy Management console.

    To configure the network security:

    1. Open the Group Policy Management console and edit a new or existing GPO.

    2. In the Group Policy Management Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.

    3. Right-click Network security: Configure encryption types allowed for Kerberos and click Properties.

    4. On the Security Policy Setting tab, select the Define these policy settings checkbox.

    5. Select the following options:
    • RC4_HMAC_MD5
    • AES128_HMAC_SHA1
    • AES256_HMAC_SHA1
    • Future encryption types

    6. Click OK.

    Additional Information

    Refer to the following articles from Microsoft: