Enabling encryption for the domain user

Last Updated : Jun 05, 2026 |

About this task

In FIPS mode, Kerberos uses Advanced Encryption Standard (AES). By default, support for Kerberos AES authentication is disabled for Active Directory users. Use this procedure to enable encryption support for the domain user that is mapped to the Avaya Aura® Web Gateway SPN.

This procedure is only required if FIPS is enabled on Avaya Aura® Web Gateway.

Before you begin

Generate a keytab file as described in Setting up the Windows Domain Controller.

Procedure

  1. In Active Directory, select the domain user that is mapped to the Avaya Aura® Web Gateway SPN.

    For example: aads_spn_user.

  2. Open the domain user properties.
  3. Click the Account tab.
  4. In the Account options area, do one of the following:

    • If you used the AES256–SHA1 encryption type when generating a keytab file, select the This account supports Kerberos AES 256 bit encryption check box.

    • If you used the AES128–SHA1 encryption type when generating a keytab file, select the This account supports Kerberos AES 128 bit encryption check box.

  5. Click OK.