Microsoft started enforcing msds-KrbTgtLink validation starting January 2022 via their Security Update for NTLM authentication. In simple terms, msds-KrbTgtLink is a link that helps verify your identity when you’re trying to access network resources, preventing tampering. Microsoft has explained that these improvements and fixes will be a part of Security Updates going forward.
This produced a hurdle for users of Riverbed SteelHeads who join domains via Riverbed’s Active Directory Integrated Mode (Windows 2008 and later). One of the solutions researched by Riverbed was to modify the SteelHead’s userAccountControl value to represent with a small subset of attributes used by a Domain Controller, but without enabling any Domain Controlling functions from Riverbed SteelHeads after joined to the domain.
For a detailed technical insights, please refer to this technical brief.