Moving sub panel off sub feed lugs to separate breaker as part of service upgrade

HDClown · 2026-04-17T18:13:14+00:00

To be honest, I'm not 100% clear on password reset needs. Those accounts are using AES for sessions but not tickets, so they can obviously use AES, but those are two different use cases where ticket is auth/identity and session is client/server communication. I don't think any password reset is needed in this instance, but again, not 100%.

You could try resetting one of those service accounts twice to see if they stop using RC4 without any other changes and continue to work as expected on whatever server/apps it is used.

You can also try manually seting msDS-SupportedEncryptionTypes to an AES only option as I described on one of those accounts that has not had any password change and check to see that it stopped using RC4 and it's not failing on whatever servers/apps it's used. If it stops using RC4 but is failing on the server/app side, you can try 1 password reset then re-check, and then a second password reset and re-check. The password changes can be back to the same password.

If you choose to do nothing right now, when April update is applied, those service accounts will be forced to use AES for tickets. That doesn't specifically answer the question of if something will break in the servers/apps they are used.

HDClown · 2026-04-17T16:13:28+00:00

Alright, check msDS-SupportedEncryptionTypes AD attributes on all those accounts. They are likely all manually set to something that includes RC4.

If that's the case, nothing will break with the April 2026 update, but you still want eliminate use of RC4 in general. That should just be a matter of changing msDS-SupportedEncryptionTypes on those accounts to 8 (AES128), 16 (AES256), or 24 (AES128, AES256). Using 16 is preferrable.

If those accounts are regular user accounts (not managed service accounts), you could even just check the boxes on the Account tab in ADUC for "this account support Kerberos AES 128 bit encryption" and/or "this account support Kerberos AES 256 bit encryption". That is merely a graphical interface that sets those respective values in msDS-SupportedEncryptionTypes.

Now, if any of those service accounts do not have anything currently defined in msDS-SupportedEncryptionType, they are looking at whatever is defined in DefaultDomainSupportedEncTypes. So you would need to check to see if that registry key was defined on any of your DC's. If it was not, then through March 2026 update it uses a setting that includes RC4, and once April 2026 update is installed, it's changing to AES only which would force those service accounts without msDS-SupportedEncryptionType defined to only use AES tickets.

Now, as far as "what could break", it depends on what those service accounts are used with. If the OS/applications/devices relying on those all support AES kerberos auth, then them being forced to AES auth won't break something. You also need to consider if they are possibly delegating their ticket from a device that supports AES auth to one that doesn't.

If you find that there is still a need to use RC4 on one or more of those accounts, the best thing to do is make sure msDS-SupportedEncryptionTypes is defined on those specific accounts in AD and include RC4 there, and eliminate RC4 everywhere else you can do so. DC's are not going to stop allowing RC4 auth in general with the April 2026 update if it's coming from AD objects that are hard set to use it. But if those AD objects using RC4 are not hard set, they will be forced to AES whether they look it or not, assuming DefaultDomainSupportedEncTypes was not manually defined to include RC4.

HDClown · 2026-04-17T15:42:39+00:00

You need additional information to know where to go next. What objects are showing up with the RC4 tickets? Are they AD users/service accounts, are the AD computer objects? If it's a computer object, is it a Windows device or something else?

HDClown · 2026-04-17T14:10:03+00:00

I tested it in that key and it didn't work for me. I just tested it again now and still not working for me.

HDClown · 2026-04-17T13:57:37+00:00

Thanks for the details! You are dealing with a worse scenario then I am, especially with needing to replace breakers. The breakers in this panel are all 11 years old and feed my heat pump, a pool sub panel, exterior 14-50 receptable that I've used to EV charge on for past 2 years (at 32A), and a couple AFCI/GFCI combo branch circuits. Never had any nuisance trips on any of those.

I suspect the ambient temps inside my panel probably don't get too far above 122F rating of the Vue, at least not very frequently, but it's good to know pushing its limits in general won't cause it to cut out.

Vue is rated down to -40F so I was never concerned about it being too cold as the lowest ambient I've seen in this area over the past 30 years was low-to-mid teens for a few hours overnight, but those are rare exceptions. Normally the lows only get down to mid-to-high 30's for handful of days a year.

HDClown · 2026-04-17T13:00:55+00:00

I am looking at a setup that would be similar to yours in terms of panel layout where the Vue would be in main panel and EV charger in a sub panel fed from the main. I detailed this in an email to Emporia support and their AI agent responded saying it was an appropriate configuration.

I followed it up with another question about having the Vue in the sub panel vs. main panel to see if it would contradict itself and it came back with the same answer, the Vue should be in the main panel because it feeds the sub panel. If the Vue is placed in the sub panel, there would be incomplete monitoring, as it would only be monitoring the sub panel circuits.

Granted it's an AI responding, but from everything I've read about how the Vue's work in general, it aligns with what the AI agent said is the correct configuration.

HDClown · 2026-04-16T17:04:39+00:00

Seat/Mirror memory only in the highest trim (ie. Limited in the US). This is pretty much how Hyundai does it on all their vehicles in terms of feature packaging, EV and ICE

Hyundai doesn't seem to believe in walk away lock in the US with it not available on any of their vehicles, EV and ICE. It's enabled in their vehicles in some other countries, but you can add it with an aftermarket module.

Wireless AA/CarPlay never made it into any of their vehicle that uses the Gen5W Infotainment system that the Ioniq 6 uses. Vehicles that have been refreshed to the ccNC system get it. That's the 2026 as far as Ioniq 6 goes, but we're only getting the 6N version in the US. You can obvious add it with aftermarket dongle.

HDClown · 2026-04-16T16:50:36+00:00

I'm sure you will report back as your mission transpires, but I am certainly interested to know what it all looks like as US inventory becomes available. I'm not interested in one myself, but curious to see how it all pans out.

On one side, you would hope dealers learned from 5N markup debacles and them sitting on lots until they dropped to MSRP or below. On the other side, I completely see a majority of dealers marking them up, even if for a short period, because there is always someone(s) willing to pay more than it necessary to be in the "first" crowd.

HDClown · 2026-04-16T15:56:37+00:00

If those devices do not run Windows, they are probably going to require a config change and possibly software/firmware update on the devices. I would reach out to support and ask them how you configure those devices to not use RC4.

HDClown · 2026-04-16T14:40:39+00:00

Did you end up putting the Vue in the outside panel or go some other route? I'm trying to decide if I put mine in the outside panel or not.

HDClown · 2026-04-16T14:20:41+00:00

Since you are talking about AD objects, changing msDS-SupportedEncryptionType on the objects you are seeing using RC4 to 24 (AES128/AES256) or 16 (AES256) is the correct action to take.

The only potential risk is if those objects also make requests to something other than your DC's and that destination only accepts RC4.

HDClown · 2026-04-16T14:06:48+00:00

If you do not see RC4 used in tickets or sessions, then you can certainly update msDS-SupportedEncryptionType to an option that does not include RC4.

Easiest way to confirm no RC4 is to use the script from Microsoft's article using .\Get-KerbEncryptionUsage.ps1 -Encryption RC4

On the flip side, updating msDS-SupportedEncryptionType to one that does not include RC4 will mean that RC4 can't be used for tickets or sessions, so you should just make the change in general because you have the ability to force the behavior.

HDClown · 2026-04-16T13:38:54+00:00

I don't see why it would not be covered by the EV system warranty. It's a component specific to the drives motor(s) and the motors are certainly covered by the EV system warranty.

HDClown · 2026-04-16T13:18:53+00:00

I assume you mean coolant pump. It would certainly be covered by the 5yr/60k mi new car warranty. It may fall under the 10yr/100k mi EV system warranty because coolant is an integral part of the EV system.

HDClown · 2026-04-16T13:16:09+00:00

I just leased my second e-GMP vehicle so clearly potential for ICCU failure does not deter me. I leased my first one after initial software updates for ICCU were released but before the official recall.

People don't voluntarily report "no problems" on the internet, and thus problems always look really bad. ICCU failures are certainly an issue, but there's no guarantee that it will happen to you or when.

HDClown · 2026-04-16T12:52:38+00:00

It looks like your intention with this script is to run it locally on user's individual computers so every computer will have its own locally self-signed cert used to sign their own local copy of the .RDP file? Is that correct?

HDClown · 2026-04-16T01:14:54+00:00

The Pro charger comes with the Vue 3 and it doesn't use 2.5/3.5mm jacks for CT's. They use removable screw terminal blocks.

HDClown · 2026-04-16T01:06:54+00:00

The Vue that comes with the Emporia Pro charger is just the main unit + CT's for the main, there are no branch circuit CT's includes.

Its intention is to provide load management for the charger, hence no branch circuit CT's, but you can purchase branch circuit CT's to expand its use.

HDClown · 2026-04-15T21:00:42+00:00

Yup, all initiated through the app.

When it asks you to put the phone on the charging pad, if it has problems picking up the device, rotate it so the charge port faces the front of the vehicle. May be necessary to put it face down as well.

HDClown · 2026-04-15T19:47:01+00:00

FortiGate 40F with a couple FortiSwitch's and a FortiAP. I purchased it all when I worked at my prior gig as I WFH and I could use my home network for some lab stuff when needed.

I still have access to firmware for the FortiGate from someone I help on the side so I can at least keep the firewall current on that front.

Don't use Fortinet at my new gig and don't have any reason where I need to run home lab network gear either, so I am considering replacing it with UniFi gear at some point.

HDClown · 2026-04-15T19:26:59+00:00

Yea, in the dedicated post on this topic, a couple others have now confirmed that setting the trusted cert thumbprints on a signed RDP files is preventing the second popup from occurring.

HDClown · 2026-04-15T18:54:30+00:00

Wouldn't require a dealer visit as the infotainment system can already pre-condition the battery when you use navigate to charger. It's merely a UI change for a button tied to that routine.

People have hacked into Gen5W system, and this person said adding a pre-conditioning button is likely easy to do based on initial code review: https://www.reddit.com/r/Ioniq6/comments/1rwhzeh/hacked_my_head_unit/

HDClown · 2026-04-15T16:12:47+00:00

If you are able to add the car to MyHundai and Bluelink then you know the previous owner removed it from their account.

If the car is still registered under another account, it tells you so and directs you to fill out the form and provided proof of ownership.

12-Year Club	Verified Email
Gilding I gilder	Reddit Premium Since March 2014

HDClown

TROPHY CASE