GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

What product/components do you use and which version/fix level?

MWS_10.3_Fix20

Are you using a free trial or a product with a customer license?

Fully licensed.

What are trying to achieve? Please describe in detail.

Kerberos authentication with MwS

Do you get any error messages? Please provide a full error message screenshot and log file.

2021-11-24 11:23:14 CET (SpnegoFilterWrapper:INFO) [qtp1476620629-362] - Error while processing Kerberos token GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

Steps to reproduce:

  1. Install MwS.
  2. Install fixes available on 6th October 2021.
  3. Set up HTTPS (TLS).
  4. Set up Kerberos configuration (jaas.config, keytab file, Admin UI → Kerberos Authentication Administration).

Steps tried to resolve the error:

  1. All steps from this answer except step no. 2 since I have not created the keytab file myself.
    The keytab file supports the following encryption type:
ITDC # klist -k /path/to/file.keytab -K -e
Keytab name: FILE:/path/to/file.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/hostname@DOMAIN (arcfour-hmac)  (0x123456789)

So my question is:

Where can I find the respective Kerberos settings (defining the allowed encryption types) of MwS?