Link to home
Start Free TrialLog in
Avatar of KANEWONG
KANEWONG

asked on

Kerberos Key Distribution

Hi;

I found this warning on my Windows 2008 Domain Controller, does it cause any big problem to my domain?  We do not use any smart card logon mechanism.

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
ASKER CERTIFIED SOLUTION
Avatar of tigermatt
tigermatt
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of KANEWONG
KANEWONG

ASKER

Hi;

I go through the steps listed on document but when I am at step 8 "Expand Certificates (Local Computer), expand Personal, and then click Certificates.  There is nothing.  There is no old controller certificates.
In that case, a certificate never existed in the first place, so there is not one for you to delete. Move on to the next section: "Request a new certificate".
do I need to run any backup before "Request a new certificate"?
You could if you wanted to, but it isn't mandatory. If I was running a backup, I would have been doing it before I deleted the old certificate, which didn't need to be done anyway.

-tigermatt
I had this EXACT same problem.  Except when I try to request a new certificate, it gives me an error message that Certificates Types Are Not Available.  

"You cannot request a certificate at this time because no certificate types are available".  
Having EXACT same problem on a brand new W2K8 domain controller.
"You cannot request a certificate at this time because no certificate types are available".  
Any way to fix this problem or it's not a problem.
Thanks.

   
I had to add the certificate authority role and install it on my 2008 domain controller.  I then created a new certificate and this error message went away