In May 2022, a security update was introduced that changes the Active Directory Kerberos Key Distribution (KDC) behavior on Windows Server 2008 and later versions when validating certificates during certificate-based authentication. However, there is an option to move back to Compatibility mode until September 2025.
More details and information are provided on Microsoft’s support pages here: KB5014754—Certificate-based authentication changes on Windows domain controllers
| Note |
|---|
Important date: February 11 2025 |
...
| Info |
|---|
Nexus has published an awareness advisory to assist customers and partners to better understand the impact and best way to address it. See https://www.nexusgroup.com/nexus-awareness-advisory-on-microsofts-update-kb5014754/ for further information. For more technical details, also see Map objectSid certificate for KB5014754. |
...