Windows Server 2025 automatically enabled the KDC proxy service

[SergeCaron]

Hello Marc-André,

I did a simple install from scratch of a Windows Server 2025 Standard and created a new forest from this single DC.

No other configuration was attempted and the KPSSVC service is not running.

I installed the Remote Desktop Gateway role.

After installation, the KPSSVC is running with the following parameters:

PS C:\Users\Administrateur> Get-ItemProperty -Path Registry::\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings

DisallowUnprotectedPasswordAuth : 0
HttpsClientAuth                 : 0
HttpsUrlGroup                   : {+:443, , , ...}

It also created HTTP urlacl for both "https://+:443/kdcproxy" (all lowercase) and "https://+:443/remoteDesktopGateway" (exact capitalisation).

It seems these are the exact parameters you are using (plus a little something ;-).

I will install a certificate tomorrow and see if I can get Kerberos tickets over HTTPS.

I will appreciate your comments.

Regards,