Symptoms:
Note: Greenfield deployments of 8.16.2 are not impacted.
Unsupported mechanism requested: 1.2.840.113554.1.2.2
VMware Aria Automation 8.14.0 - 8.16.x
VMware Aria Automation Orchestrator 8.14.0 - 8.16.x
A security file with a list of security providers was retained during the upgrade and does not contain the SunJGSS security provider added in 8.16.2.
This issue is resolved in versions 8.17.0 and above.
Workaround:
rm /data/vco/usr/lib/vco/app-server/conf/security/vmware-override-java.security
kubectl rollout restart deployment vco-app -n prelude
/data/vco/usr/lib/vco/app-server/conf/security/vmware-override-java.security
does not exist and upgrading to version 8.17 does not resolve the persistent error "KDC has no support for encryption type (14)," you may need to create a new Service Account in Active Directory. This new account should replace the original account that is incompatible with the Kerberos encryption type.