Active Roles Console fails to connect after adding user to Protected Users group (4286266)

When a user account is added to the Protected Users Group, the Active Roles Console fails to authenticate the user with the message: The user name or password is incorrect.

Members of the Protected Users group must be able to authenticate by using Kerberos with Advanced Encryption Standards (AES).

Please review the following Microsoft resources for more details on the usage of the Protected Users group:

• Protected Users Security Groups Overview
• Guidance about how to configure protected accounts

1.- Refer to the Administration Guide for details on how to configure the Administration Service to support Kerberos authentication:

2.- Enable Kerberos authentication.
3.- Connect to the Active Roles service by using the Active Roles Service FQDN as this will not work if ‘localhost’ is used:

Note: The ARS Admin has to be a local administrator: