Need to generate a keytab file that is AES256-SHA1 not rc4-hmac 

The command we followed from the docs 
ktpass -princ http/[email protected] -mapuser <service_userName> -pass <password> -out kerberos.keytab

There are additional parameters you can specify with ktpass to specifically set the crypto 

Generate keytab file from AD:

ktpass -out <keytab_name>.keytab -princ http/<gateway_hostname>@<KERBEROS_REALM> -mapUser ADDOMAIN\<service_account> -mapOp set -pass firewall -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL