In November 9 2021, Microsoft release a monthly security update, which imporves authentication safaty described in CVE-2021-42287
I have a test in NAS lab:
1. Windows server 2019( with KB5007206): Set PacRequestorEnforcement registry value to “2” (Enforcement phase)
2. Ontap simulater 9.8P7: A SVM join AD domain with administator
It returns "join failed".
Trace packet shows an error about KPASSWD, seems that initiate the password of machine account
