Event ID 20 - KDC - THe currently selected KDC certificate ...

I have a single server environment (Windows Server 2003) which is a DC (amongst other things) and after a scheduled reboot I noticed that a bunch of Services would not start, and the following error in eventvwr:

Event Type:      Warning
Event Source:      KDC
Event Category:      None
Event ID:      20
Date:            5/09/2012
Time:            11:49:14 PM
User:            N/A
Computer:      APOLLO
Description:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found.  Smartcard logon may not function correctly if this problem is not remedied.  Have the system administrator check on the state of the domain's public key infrastructure.  The chain status is in the error data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 00 00 00 00   ........
0008: 00 00 00 00 00 00 00 00   ........

I have done a look online and most are saying to run "Certutil -dcinfo deleteBad" but I get errors back from this, even after a reboot.

Any ideas?
LVL 6
FlippAsked:
Who is Participating?
 
FlippConnect With a Mentor Author Commented:
For some reason a DotNet Framework error (which did not appear in any Event Viewer Log) seemed to be the cause of this error (amongst others).
So far so good in resolving this error appearing in logs.
0
 
Sushil SonawaneCommented:
At a command prompt, run the following command, and restart the domain controller

Certutil -dcinfo deleteBad

Please refer belwo article
(http://support.microsoft.com/kb/939088)
0
 
FlippAuthor Commented:
As mentioned in Question above I have already attempted this and it failed.
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
Sushil SonawaneCommented:
If do not have Domain Controller certificate. If there is no CA installed in your environment and you are not using smart card logon, it will not cause any problems and you can ignore this warning.

Please refer below link

(http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1c912088-daed-4900-a196-40c8e5775922)
0
 
FlippAuthor Commented:
That article refers to Windows Server 2008, and as mentioned above I am running 2003 :)

As far as whether I am running a CA, I have a third-party ssl certificate. Does that qualify?
0
 
Sushil SonawaneCommented:
I think this article applicable will applicable for windows 2003 also. Third party certificate not qualify.
0
 
FlippAuthor Commented:
Then how would one determine if they are using a DC Certificate?

This error only started recently (yesterday) and also since the failure of Services etc.
0
 
Sushil SonawaneCommented:
Which service are failure???
0
 
FlippAuthor Commented:
Solution was a bit strange as there was no evidence which led to it a part from some general troubleshooting.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.