Per section 3.2.1 of RFC 4556 spec, for this key exchange to work, the client has to both support and notify the key distribution center (KDC) of their support for des-ede3-cbc ('triple DES”). The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support DH or advertise support for des-ede3-cbc ('triple DES”) during the Kerberos AS request.
Microsoft said it 'released hardening changes for CVE-2021-33764,' which might cause issues on a domain controller (DC). The problem appeared after the latest Patch Tuesday updates delivered earlier this month but affects not only Windows 10 but also Windows 8.1 and Windows 7. Last week, Microsoft confirmed a bug that affects printing and scanning functions in certain scenarios and affects a small number of devices. Windows 10 users have been reporting multiple printing issues lately.
