You need to correctly create an authentication account according to the creation operation. After the authentication account is successfully created, you should use the default encryption algorithm, that is, ensure that msDS-SupportedEncryptionTypes of the authentication account is set to not set. Figure 1 shows the interface.
Figure 1 Default encryption algorithm of the authentication account
If the encryption algorithm of Microsoft Windows 7 is incorrectly specified, perform the following steps:
1. Log in to Microsoft Windows 7 with the Administrator account.
2. Open the Run window.
3. Enter gpedit.msc, and click OK.
The Local Computer Policy Editor window is displayed.
4. In the navigation tree, choose Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
5. Right-click Network security:Configure encryption types allowed for Kerberos in the right window and select Properties.
6. Deselect AES128_HMAC_SHA1 and AES256_HMAC_SHA1 on the Local Security Settings tab.
Figure 2 shows the interface.
Figure 2 Deselecting AES128_HMAC_SHA1 and AES256_HMAC_SHA1
7. Click OK.
8. Close the Local Computer Policy Editor window and authenticate again.