All ESXi hosts (ESXi 6.7 P01) are member of a Windows domain.
Currently, and as a legacy, all ESXi hosts have DES and RC4 as Kerberos Encryption Type on their Active Directory domain account.
When AES128 or AES256 is added to the Kerberos Encryption Type,
the most secure takes over and direct authentication to an ESXi host fails:
- authentication with an URL like https://hostname.domain.com/ui/#/login
- authentication via Python (used by a Nagios check):
wbemclient = pywbem.WBEMConnection(hosturl, (user,password))
Meanwhile, these authentication methods have no problem:
- VMware PowerCli direct connections:
Connect-VIServer -Server hostname.domain.com
- Connection to the vSphere web page
How can AES be enabled for the authentication process on individual ESXi hosts?