Link to home
Start Free TrialLog in
Avatar of IT_Fanatic
IT_Fanatic

asked on

Event ID 27 KDC Help

Any idea what this type of error is? Is it critical if not or if so how can I resolve it? I hate seeing this on my event logs

While processing a TGS request for the target server krbtgt/ABC.COM, the account HM4G1$@ABC.COM did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Avatar of Govvy
Govvy
Flag of United States of America image

Avatar of IT_Fanatic
IT_Fanatic

ASKER

I already saw this site. This site just tells you info on it but not how to fix it. It this error critical or ignorable?
ASKER CERTIFIED SOLUTION
Avatar of Sandesh Dubey
Sandesh Dubey
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok so I navigate to this path and put this value on the registry and thats it not reboot and event logs will no longer show those errors on my 2003 server? Also I how can i find out which domain controller to put this code on? I have 2 DC of windows server 2008.

Navigate to  HKLM\System\CurrentControlSet\Control\LSA\Kerberos\Parameters

Add the  following registry value.
Value Name = DefaultEncryptionType
Type =  Reg_DWORD
Value Data = 0x17(23)
Add the key to both 2008 DC.
Is this error ignorable or critical.
Thanks for your help that worked.
Sorry I had to reopen this but it infact did not work. It still appears on my win 2003 server
It is on my 2003R2 BDC servers as well.  I tried the GPO solution set forth by Microsoft in KB977321, that seems to not help either.  I haven't tried the HotFix yet as it doesn't seem to entirely fit my criteria.

Please let me know if you ever resolved this, and if so, what worked.