Is anyone else experiencing difficulties with users ability to change passwords since applying MS16-101
Workaround 1, opening port 464, has solved the problem but this seems like a less secure option. Ideally, the communication between the virtual desktop, connection server and domain controller would use Kerberos instead of NTLM.
It would appear that currently, the horizon view client authenticates with the connection server which then authenticates against the domain controller. Perhaps it uses NTLM instead of Kerberos? I am surprised that there are not more posts like this.
The message that users get is "The system detected a possible attempt to compromise security. Please ensure htat you can contact the server that authenticated you."