Microsoft Just Killed RC4 Encryption.

aveva-pi
June 03, 20261 min read

Microsoft just killed RC4 encryption.

If you use PI Vision, AF, or PI Web API with Kerberos delegation — you need to act now.

The April 2024 Windows patch hardened Kerberos security by disabling RC4 by default.

No warning. No grace period.

Just broken delegation and this error:
KDC_ERR_ETYPE_NOTSUPP

I've seen teams spend days troubleshooting this.

They check service accounts.
They check SPNs.
They check firewall rules.

But the problem is simpler:

Your domain controller no longer accepts the encryption type your PI servers are requesting.

The fix:

1. Go to Local Security Policy → Network Security
2. Enable AES128 and AES256 for Kerberos
3. Update service accounts on AF, Data Archive, and web servers
4. Reset the Kerberos flags in Active Directory for each account

Repeat for every server involved in the delegation chain.

This isn't optional anymore.

RC4 is end of life.
AES is the only path forward.

If your PI Vision displays stopped loading user-specific data after April 2024 — start here.

https://www.linkedin.com/posts/rickykwokshingsun_pisystem-pivision-kerberos-share-7462999515621462016-7YCu/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAB4z6sMBj_XswUMU5Zr6gsjsaPuYYvtXAIQ

AVEVA PI SystemPI VisionPI Web APIPI Asset FrameworkRC4 EncryptionAES256Active DirectoryWindows Security Update
Ricky Sun

Ricky Sun

Ricky Sun is the founder of SunLead Technologies, an industrial data infrastructure engineering firm based in Calgary, Canada. He specializes in modernizing operational data systems for energy companies, with deep expertise in industrial historian platforms including AVEVA PI System, Canary Historian, and modern time-series architectures. Ricky’s work focuses on PI System migrations, Asset Framework (AF) restructuring, and historian modernization executed inside live production environments. He works closely with system integrators and energy operators to stabilize industrial data infrastructure, improve operational visibility, and prepare operational data for advanced analytics and AI. Through technical content, industry collaboration, and conferences, Ricky actively contributes to the industrial data and Industry 4.0 community, helping organizations build reliable data foundations for digital operations.

LinkedIn logo icon
Youtube logo icon
Back to Blog