Customer emailed someone with ITS who contacted Computing Services at around 11:30 on Saturday (11/12). Initial review suggested the system could be restored quickly as symptoms paralleled similar outages. However, upon deeper review there was a larger systemic issue, and the outage was declared.
eCUI secure research was out of service.
The outage was caused by Kerberos authentication errors between the Citrix resources. This prevented the VDI systems from communicating with the delivery controllers. This was caused by patches applied to the Domain Controllers on Friday (11/11). These patches included updates to Kerberos encryption levels.
Registry keys were added to the domain controllers to ensure Kerberos could authenticate using appropriate encryption levels.
Changes are being reviewed for the patching of domain controllers, such as expanded documentation within the RFCs.