Need to generate a keytab file that is AES256-SHA1 not rc4-hmac
The command we followed from the docs
ktpass -princ http/[email protected] -mapuser <service_userName> -pass <password> -out kerberos.keytab
There are additional parameters you can specify with ktpass to specifically set the crypto
Generate keytab file from AD:
ktpass -out <keytab_name>.keytab -princ http/<gateway_hostname>@<KERBEROS_REALM> -mapUser ADDOMAIN\<service_account> -mapOp set -pass firewall -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL