  • Status: Solved
  • Priority: Medium
  • Security: Public

Event ID 20 - KDC - The currently selected KDC certificate ...

I have a single server environment (Windows Server 2003) which is a DC (amongst other things) and after a scheduled reboot I noticed that a bunch of Services would not start, and the following error in eventvwr:

Event Type:      Warning
Event Source:      KDC
Event Category:      None
Event ID:      20
Date:            5/09/2012
Time:            11:49:14 PM
User:            N/A
Computer:      APOLLO
Description:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found.  Smartcard logon may not function correctly if this problem is not remedied.  Have the system administrator check on the state of the domain's public key infrastructure.  The chain status is in the error data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 00 00 00 00   ........
0008: 00 00 00 00 00 00 00 00   ........

I have done a look online and most are saying to run "Certutil -dcinfo deleteBad" but I get errors back from this, even after a reboot.

Any ideas?
Asked: Flipp
Sushil Sonawane Commented:
At a command prompt, run the following command, and restart the domain controller:

Certutil -dcinfo deleteBad

Please refer to the article below
(http://support.microsoft.com/kb/939088)
0
 
Flipp (Author) Commented:
As mentioned in Question above I have already attempted this and it failed.
0
 
Sushil Sonawane Commented:
If you do not have a Domain Controller certificate. If there is no CA installed in your environment and you are not using smart card logon, it will not cause any problems and you can ignore this warning.

Please refer to the link below

(http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1c912088-daed-4900-a196-40c8e5775922)
0
 
Flipp (Author) Commented:
That article refers to Windows Server 2008, and as mentioned above I am running 2003 :)

As far as whether I am running a CA, I have a third-party ssl certificate. Does that qualify?
0
 
Sushil Sonawane Commented:
I think this article will be applicable for Windows 2003 also. A third-party certificate does not qualify.
0
 
Flipp (Author) Commented:
Then how would one determine if they are using a DC Certificate?

This error only started recently (yesterday) and also since the failure of Services etc.
0
 
Sushil Sonawane Commented:
Which services are failing?
0
 
Flipp (Author) Commented:
For some reason a DotNet Framework error (which did not appear in any Event Viewer Log) seemed to be the cause of this error (amongst others).
So far so good in resolving this error appearing in logs.
0
 
Flipp (Author) Commented:
Solution was a bit strange as there was no evidence which led to it apart from some general troubleshooting.
0
