184.108.40.206 AS Exchange
If EnableCBACandArmor is TRUE, the client SHOULD<29> behave as follows:
When sending the AS REQ, add a PA-PAC-OPTIONS  (section 2.2.10) PA-DATA type with the Claims bit set in the AS REQ to request claims authorization data.
When receiving the AS_REP, if the Claims bit is set in PA-SUPPORTED-ENCTYPES , and not set in PA-PAC-OPTIONS , the client SHOULD locate a DS_BEHAVIOR_WIN2012 DC (section 220.127.116.11) and go back to step 1.
If EnableCBACandArmor is TRUE, the principal is not the computer account, and the client is running on a domain-joined computer, the Kerberos client SHOULD use FAST [RFC6113] when the principal’s Realm supports FAST (section 18.104.22.168).<30>