Solved

KDC Event 14 on Windows 2008 R2 Server

Posted on 2015-01-06
Last Modified: 2015-01-21
We are seeing numerous events on 2008R2 DCs similar to the following:

While processing an AS request for target service krbtgt, the account xxxxxx did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes : 18. The accounts available etypes : 23  -133  -128. Changing or resetting the password of xxxxxx will generate a proper key.

The clients are Windows 7, there are only 2008R2 DCs in the domain.  The DFL/FFL is 2008R2.

I can understand the client requesting etype 18 (AES default for Windows 7) but I don't understand why the account only has available etype of 23 (RC4) or the negative ones, whatever they are.

Also, what does the missing key ID of 2 bit mean?

I'm pretty sure that these events are harmless enough as we're not getting a slew of calls for people not being able to log on; I'm just curious why an account in a 2008R2 domain on a Win7 client doesn't have etype 18 available.

Any help much appreciated,
Stan
Question by:Stanner-UK
2 Comments
 

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40533722
You need to reset the password of the account referenced in the message.  The solution is in the error message, also a TechNet reference to the event id:

http://technet.microsoft.com/en-us/library/cc733991(v=ws.10).aspx

Dan

Expert Comment

by:Bahloul
ID: 40535282
Hi,

To fulfill this you must delete the stored password on the client machine, then reset their password. The root cause here is that many users saved their password in some integrated applications.
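Added example, not part of the original thread: a Python triage script that parses the text of KDC event 14 messages like the one in the question, names the etype numbers, and lists the accounts that were asked for an AES key but hold none, which are the accounts whose passwords need resetting. The account names and sample messages are constructed; the names given to the negative etypes follow the Windows SDK header ntsecapi.h.

```python
import re
from collections import defaultdict

# 1/3/17/18/23 are standard Kerberos etype numbers; the negative values are
# Windows-private etypes (names follow the Windows SDK header ntsecapi.h).
ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
          18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC",
          -128: "RC4-MD4", -133: "RC4-HMAC-OLD"}
AES = {17, 18}

EVENT14 = re.compile(
    r"AS request for target service (?P<svc>\S+), the account (?P<acct>\S+) "
    r"did not have a suitable key.*?requested etypes\s*:\s*(?P<req>[-\d\s]+?)\."
    r"\s*The accounts available etypes\s*:\s*(?P<avail>[-\d\s]+?)\.", re.S)

def _nums(field):
    return [int(tok) for tok in field.split()]

def parse_event14(message):
    """Return account, service and etype lists from one event text, or None."""
    m = EVENT14.search(message)
    if not m:
        return None
    return {"account": m["acct"], "service": m["svc"],
            "requested": _nums(m["req"]), "available": _nums(m["avail"])}

def accounts_without_aes(messages):
    """Accounts asked for an AES key that hold none -> names of the keys they do hold."""
    held = defaultdict(set)
    for msg in messages:
        ev = parse_event14(msg)
        if ev and AES & set(ev["requested"]) and not AES & set(ev["available"]):
            held[ev["account"]].update(ev["available"])
    return {acct: [ETYPES.get(e, f"unknown({e})") for e in sorted(keys)]
            for acct, keys in held.items()}

# Constructed sample input: account names are made up, wording follows the event above.
TEMPLATE = ("While processing an AS request for target service krbtgt, the account {} "
            "did not have a suitable key for generating a Kerberos ticket (the missing "
            "key has an ID of 2). The requested etypes : {}. The accounts available "
            "etypes : {}. Changing or resetting the password of {} will generate a proper key.")
SAMPLE = [TEMPLATE.format("jsmith", "18", "23  -133  -128", "jsmith"),
          TEMPLATE.format("jsmith", "18  17", "23  -133  -128", "jsmith"),
          TEMPLATE.format("svc-old", "18", "23  -133", "svc-old"),
          "The Kerberos Key Distribution Center service started."]  # ignored: not event 14

if __name__ == "__main__":
    for account, keys in sorted(accounts_without_aes(SAMPLE).items()):
        print(f"{account}: holds only {', '.join(keys)}; reset password to generate AES keys")
```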
