• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

After Migration to Windows 2008 R2

My environment: 1 2008 R2 DC and 2 2003 DCs

After adding the Windows 2008 R2 Server, I started receiving in  my  2003 DCs, system Event Log

Event ID
Source KDC, ID 27
Talking about TGS and Kerberos

In the 2008 DC I do not receive this error

Any idea ?
0
gadsad
Asked:
gadsad
1 Solution
 
ReubenwelshCommented:
Hi,

Check this out, it could be a log that you get if DES for Kerberos is disabled:

http://support.microsoft.com/kb/977321
0
 
ienaxxxCommented:
Did you execute the ADREP /FORESTPREP and ADPREP /DOMAINPREP on your 2003 DC Schema master role owner, before promoting the new 2008 DC?

0
 
archmukCommented:
This happens when a new Windows Server 2008 joins a Windows 2003 domain.
 
Actually, the Windows Server 2008 member server is sending a TGS request using  the encryption
type of 18 (AES). Windows Server 2003 does not support this  encryption type for Kerberos.
The Event ID 27  error that is being logged on the Windows Server 2003 domain
controller can  safely be ignored as it is by design.
The domain controller is just informing the client what encryption types it supports. The Windows Server  2008 servers are then falling back to one of the supported encryption types.
Some additional info is available at
http://technet.microsoft.com/en-us/library/cc733974(WS.10).aspx
0
 
gadsadAuthor Commented:
thznk you
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now