event id 20057 on scom agent

Getting Event ID: 20057 on the SCOM Agents? sporadically or not? afterwards the agents get a heartbeat failed?

Description: Failed to initialize security context for target MSOMHSvc/<Agent Server Name> The error returned is 0×80090342(The encryption type requested is not supported by the KDC.). This error can apply to either the Kerberos or the SChannel package.

Did you raise the Domain functional level?

Then there is the change you are affected by the issue that after a DFL raise the KDC is not aware of the object extensions that takes place.

And this not officially documented on TechNet yet: https://msdn.microsoft.com/en-us/library/cc753104.aspx

The sure way to know if you are affected by this issue is to take a network trace and then see if you get any KDC_ERR_ETYPE_NOSUPP messages from the KDC.

Anyway, the issue is simple to solve:

1. either restart the KDC service

2.either restart the DCs from the domain. this one is the surest :)