Login problem for IM web and Control Edge

Incident Report for Visma Cloud Services

Postmortem

Based on the following Notification from Microsoft:

Warning

Windows updates for CVE-2026-20833 enforce RC4 hardening in phases. Plan and complete remediation before full enforcement:

  • January 13, 2026 - Initial deployment phase:Updates introduce audit signals and preparation controls.
  • April 2026 - Enforcement phase (manual rollback available):Default Kerberos KDC behavior shifts to AES-first, and RC4-dependent scenarios can start failing unless explicitly configured.
  • July 2026 - Enforcement phase (final):Updates remove rollback support and keep enforcement enabled.

we disabled the Kerberos RC4 encryption on the EntraID Domain Services.
The configuration was leading to the mentioned incident.

As this will be anyhow eminent to happen ( enforcement of Kerberos to AES ) we will continue internal investigation with Microsoft Support to identify root cause of the action applied today.
Until further notice the Kerberos RC4 encryption will remain enabled.

Posted May 06, 2026 - 12:24 CEST

Resolved

This incident has been resolved.
Posted May 06, 2026 - 12:23 CEST

Update

We are continuing to monitor for any further issues.
Posted May 06, 2026 - 12:23 CEST

Monitoring

A fix has been implemented and we are monitoring the results.
Posted May 06, 2026 - 11:45 CEST

Update

We are continuing to investigate this issue.
Posted May 06, 2026 - 11:02 CEST

Investigating

We are currently investigating this issue.
Posted May 06, 2026 - 11:01 CEST
This incident affected: Control Edge (Control Edge, Invoice Manager, Control Edge User Management).
Current Status Powered by Atlassian Statuspage
Copyright © Visma Software International AS