the Hadoop machine account and the FIM server raising the Encryption downgrade activity ATA alerts

    Question

  • Hello,

    I received quite a few "Encryption downgrade activity" ATA alerts.

    I noticed that the encryption method of the Encrypted_Timestamp field of the AS_REQ message from the Hadoop machine account had been downgraded based on previously learned behavior, and also that the encryption method of the TGT field of the TGS_REQ message from the FIM server had been downgraded based on previously learned behavior. This keeps happening over and over again for some reason.

    Do you know, by any chance, what might cause the encryption downgrade activity on the Hadoop machine account as well as the FIM server?

    Thank you very much in advance.

    Regards,
    MSSOC
    Saturday, February 10, 2018 7:02 AM

All replies

  • Hi,

    Can you please share with us the details of the SA (the Excels)?

    You can contact me privately using atashare at microsoft com, please mention a link to this post.

    Sunday, February 11, 2018 3:32 PM