I have an ISE 2.7 patch 7 distributed deployment that is bound to AD.
AD was recently patched with regards to CVE-2022-38023. Since then, the AD admins are reporting that the PSNs are appearing in their logs every few hours with "The Netlogon service encountered a client using RPC signing instead of RPC sealing."
I've tried to replicate the issue with a Test User Authentication from ISE with Authentication Type set to Kerberos but this doesn't appear in the AD logs with the error. Has anyone else experienced this behaviour with ISE and AD patched for CVE-2022-38023?
From my reading of both the Cisco bug and the MS knowledgebase article, it looks like I'll run into the Cisco bug when the AD CVE-2022-38023 patch goes into its enforcement phase in April 2023. I've opened a TAC case to confirm.
This statement is incorrect. AFAIK the issue is usually due to some element in the AD infrastructure still using RC4 and telling ISE to communicate with RC4 as the etype. Customers thought the issue would have gone away if ISE did not support RC4 at all.
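For AD admins chasing the two points raised in this thread (which clients trigger the Netlogon signing-vs-sealing event quoted above, and which accounts still permit RC4 as an etype), the following PowerShell is an added example, not code from the thread or from Cisco or Microsoft. It assumes it runs on a domain controller with the ActiveDirectory RSAT module, that the Netlogon events are written by the NETLOGON provider to the System log, and that the RC4-HMAC bit in msDS-SupportedEncryptionTypes is 0x4.

```powershell
# Added example (not from the thread). Run on a domain controller as an admin.

# Part 1: tally the Netlogon events whose text matches the message quoted in the post.
# Assumption: the events come from the NETLOGON provider in the System log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON' } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*RPC signing instead of RPC sealing*' }

$events |
    Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } },
                  Count,
                  @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object TimeCreated -Descending)[0].TimeCreated } } |
    Format-Table -AutoSize

# Print the most recent message in full; the reporting client (e.g. a PSN) is named in its body.
if ($events) { ($events | Sort-Object TimeCreated -Descending)[0].Message }

# Part 2: list accounts that still allow RC4 as a Kerberos etype (the cause described in the reply).
# msDS-SupportedEncryptionTypes is a bit mask: 0x4 = RC4-HMAC, 0x8 = AES128, 0x10 = AES256.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; objectClass=user also matches computers.
Import-Module ActiveDirectory
$rc4Bit = 0x4
Get-ADObject -LDAPFilter "(&(objectClass=user)(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.803:=$rc4Bit))" `
    -Properties 'msDS-SupportedEncryptionTypes', sAMAccountName |
    Select-Object sAMAccountName, objectClass,
                  @{ n = 'Etypes'; e = { '0x{0:X}' -f [int]$_.'msDS-SupportedEncryptionTypes' } } |
    Format-Table -AutoSize

# Accounts with the attribute unset fall back to the domain default, which has historically included RC4.
Get-ADObject -LDAPFilter "(&(objectClass=user)(!(msDS-SupportedEncryptionTypes=*)))" -Properties sAMAccountName |
    Select-Object sAMAccountName, objectClass |
    Format-Table -AutoSize
```

Correlating the account names from Part 2 with the client named in the Part 1 message narrows down which ISE node or service account is still negotiating RC4 before the enforcement phase.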