Hello Marc-André,
I did a simple install from scratch of a Windows Server 2025 Standard and created a new forest from this single DC.
No other configuration was attempted and the KPSSVC service is not running.
I installed the Remote Desktop Gateway role.
After installation, the KPSSVC is running with the following parameters:
PS C:\Users\Administrateur> Get-ItemProperty -Path Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings
DisallowUnprotectedPasswordAuth : 0
HttpsClientAuth : 0
HttpsUrlGroup : {+:443, , , ...}
It also created HTTP urlacl for both "https://+:443/kdcproxy" (all lowercase) and "https://+:443/remoteDesktopGateway" (exact capitalisation).
It seems these are the exact parameters you are using (plus a little something ;-).
I will install a certificate tomorrow and see if I can get Kerberos tickets over HTTPS.
I will appreciate your comments.
Regards,
Hello Marc-André,
I did a simple install from scratch of a Windows Server 2025 Standard and created a new forest from this single DC.
No other configuration was attempted and the KPSSVC service is not running.
I installed the Remote Desktop Gateway role.
After installation, the KPSSVC is running with the following parameters:
It also created HTTP urlacl for both "https://+:443/kdcproxy" (all lowercase) and "https://+:443/remoteDesktopGateway" (exact capitalisation).
It seems these are the exact parameters you are using (plus a little something ;-).
I will install a certificate tomorrow and see if I can get Kerberos tickets over HTTPS.
I will appreciate your comments.
Regards,