Event 29 Microsoft-Windows-Kerberos-Key-Distribution-Center


The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified.
Smart card logon may not function correctly if this problem is not resolved.
To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
naveedmdx Asked:
losip Commented:
I've read your series of four questions in the reverse order which was perhaps a bit silly because I think they may all be linked to the decommissioning of kvmdxmail.mdx.ac.  Can you outline what this server did (what roles and applications) and how you migrated to your new server?  I suspect we may find the answer here to all of your problems.  Or has kvmdxmail.mdx.ac just failed catastrophically and is no longer available?

A bit more background data please.
naveedmdx (Author) Commented:
Yes, kvmdxmail.mdx.ac is my old mail server and I am receiving this error on my domain controller. First we migrated the Windows 2003 domain controller to 2008 R2, and then the kvmdxmail server to 2008 R2 on Exchange 2007; after that we decommissioned both servers.
losip Commented:
OK, when you decommissioned kvmdxmail.mdx.ac, did you gracefully remove Exchange 2003 from it before you removed it from the domain and powered down?

And similarly, when you decommissioned the Windows Server 2003 domain controller, did you run dcpromo to remove it as a domain controller and then remove it from the domain?

If the answers to these are "no", then we'll have to run the metadata cleanup procedure to make sure that there are no references in AD or DNS to the decommissioned servers.
naveedmdx (Author) Commented:
How to run the metadata cleanup procedure?
losip Commented:
This is all covered in the Microsoft article at: http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx
naveedmdx (Author) Commented:
No, there is no old server name showing in the domain controller tree in Windows 2008 R2.
losip Commented:
OK, if the old server name is not showing either in AD Users and Computers, nor in AD Sites and Services, then open up a command prompt as an administrator and run ntdsutil.  At the prompt, type 'metadata cleanup'  and at the next prompt, type: 'remove selected server <name of old DC>'.

Then review the information presented to make sure it makes sense and click YES to remove the server object and metadata.  If you get an error that the object can't be found, then the DC was obviously removed properly and the metadata doesn't need cleaning.  Personally, I still go back to DNS and look through all the items in the _msdcs.mdx.ac tree for any mention of the old server and delete them.  There are quite a lot of places under _tcp subdomains where server names can be mentioned.

If all this is OK, then we come down to the removal of the mail server kvmdxmail.mdx.ac.  When you removed Exchange from this server, did you get any errors or did it de-install cleanly?
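
One way to do the DNS review described in the comment above without changing anything, as an added example that is not part of the original thread: a PowerShell 2.0-compatible function that scans a text export of the zone (for instance one written by `dnscmd /ZoneExport`) for records that still name a removed server. The function name, the host name `olddc01`, the GUID and every sample record are constructed placeholders.

```powershell
# Added example: read-only scan of a DNS zone export for leftover references
# to a decommissioned server. Nothing is deleted; review each hit by hand.
function Find-StaleDnsRecord {
    param(
        [string[]]$ZoneLines,   # lines of a zone file in standard text format
        [string]$OldServer      # short host name of the removed server
    )
    $owner = '@'
    # Match the name as a whole label, so 'olddc01' does not hit 'olddc011'.
    $pattern = '(^|[\s.])' + [regex]::Escape($OldServer) + '(\.|\s|$)'
    foreach ($line in $ZoneLines) {
        $text = ($line -replace ';.*$', '').TrimEnd()    # drop comments
        if ($text -eq '' -or $text -match '^\$') { continue }
        # A line that starts with whitespace inherits the previous owner name.
        if ($text -notmatch '^\s') { $owner = ($text -split '\s+')[0] }
        # Only record types that are keyed by, or point at, a host name.
        if ($text -cmatch '\s(SRV|CNAME|NS|MX|A)\s+(.+)$') {
            $type = $Matches[1]; $rdata = $Matches[2]
            if (($owner -match $pattern) -or ($rdata -match $pattern)) {
                New-Object PSObject -Property @{
                    Owner = $owner; Type = $type; Data = $rdata
                }
            }
        }
    }
}

# Constructed sample in the shape of an _msdcs zone export (not from the thread).
$sample = @'
; constructed sample records
@                       IN  NS    dc02.mdx.ac.
_ldap._tcp.dc           600 SRV   0 100 389 dc02.mdx.ac.
                        600 SRV   0 100 389 olddc01.mdx.ac.
_kerberos._tcp.dc       600 SRV   0 100 88 dc02.mdx.ac.
11111111-2222-3333-4444-555555555555 600 CNAME olddc01.mdx.ac.
olddc01                 A     10.0.0.5
'@ -split "`r?`n"

Find-StaleDnsRecord -ZoneLines $sample -OldServer 'olddc01' |
    Format-Table Owner, Type, Data -AutoSize

# Against a real export (the file name is an assumption):
# Find-StaleDnsRecord (Get-Content .\msdcs-export.txt) 'olddc01'
```

The SRV line with no owner column is reported under `_ldap._tcp.dc` because blank-owner lines inherit the previous owner, which is how stale entries under the _tcp subdomains usually appear in an export.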
naveedmdx (Author) Commented:
Is there any other solution? This solution looks risky.
losip Commented:
I don't know of a less risky option.  Any change carries a risk and particularly when messing with Active Directory.  You have to make the choice of whether to take that risk or put up with the Event 29s and the other problems you had following the removal of kvmdxmail.mdx.ac.  If the system is working just fine, then you may wish to put up with these errors.
Windows Server 2008