Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Windows 2008 domain controller warnings - KDC certificate

33 views
Skip to first unread message

Brendon B

unread,
Feb 4, 2009, 9:29:00 AM2/4/09
to
Hi Everyone

This is the first time I am setting up a domain on Windows 2008.
Everything seems fine except for the following warning which appears
intermittently on all of the domain controllers:

Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 2009/02/04 03:24:25 PM
Event ID: 29
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer:
Description:
The Key Distribution Center (KDC) cannot find a suitable certificate to use
for smart card logons, or the KDC certificate could not be verified. Smart
card logon may not function correctly if this problem is not resolved. To
correct this problem, either verify the existing KDC certificate using
certutil.exe or enroll for a new KDC certificate.

We don't use smart cards and don't plan to use them in the near future. Is
this something I must ignore or is there something I should be doing to
ensure that the error is cleared?
Your assistance in this regards is much appreciated

Regards
Brendon

Yahya Yazıcı

unread,
Feb 4, 2009, 10:07:18 AM2/4/09
to
You can read this article about event id 29

"Brendon B" <Bren...@discussions.microsoft.com> wrote in message
news:95A5D3CA-CD1C-40AF...@microsoft.com...

Meinolf Weber [MVP-DS]

unread,
Feb 4, 2009, 12:52:48 PM2/4/09
to
Hello Brendon,

Have a look here:
http://technet.microsoft.com/en-us/library/cc734096.aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Microsoft-Windows-Kerberos-Key-Distribution-Center
>


Brendon B

unread,
Feb 5, 2009, 2:17:08 AM2/5/09
to
Thanks Menolf

Does that mean I should go through the process of requesting a new
certificate even though we are not using the smart card functionality? Is
this a local certificate?

Paul Bergson [MVP-DS]

unread,
Feb 9, 2009, 8:37:59 AM2/9/09
to
If you are not using smart cards you should be able to ignore this annoying
message.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This


posting is provided "AS IS" with no warranties, and confers no rights.

"Brendon B" <Bren...@discussions.microsoft.com> wrote in message
news:95A5D3CA-CD1C-40AF...@microsoft.com...

Meinolf Weber [MVP-DS]

unread,
Feb 9, 2009, 5:09:10 PM2/9/09
to
Hello Brendon,

No i checked my test DC's and also have that event viewer entry. Do you use
smartcards, if not ignore it. My DC's run's without any problem, even if
that event exists.

0 new messages