Primary DC cannot browse the internet/KDC20 Event
Posted on 2010-03-23
Apologies for lumping this in one thread, but both issues are interlinked.
This is a tricky one.
A few months ago we promoted a new Domain Controller, with the view of it taking over as the PDC. The DC promo was successful, however another admin switched off the previous PDC and removed it from the network without dcpromo'ing it first (he did it over the weekend, when I was away).
I've been left clearing up the domain. I've managed to get rid of most of the event errors, some of which related to the GC and other DNS-related issues, but I cannot figure out these last two items.
Firstly, I cannot browse the internet on the DC. I have set other servers and workstations to use this DC as the DNS server and they can all browse the web without issue. I can even ping websites. However, on the DC itself I cannot browse via either IE or Firefox.
Secondly I have the following error:
Source: KDC Event ID 20
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data.
I have searched for solutions and even seen a few threads in Experts Exchange for KDC. However, none of them seem to resolve my issue. I believe the problem is caused by the fact that the previous certificate was registered with the old PDC.
Any help would be most appreciated.
Oh, and the PDC is Server 2003 (all three DCs on the network are Server 2003).