Solved

KDC Event 14 on Windows 2008 R2 Server

Posted on 2015-01-06
2
695 Views
Last Modified: 2015-01-21
We are seeing numerous events on 2008R2 DCs similar to the following

While processing an AS request for target service krbtgt, the account xxxxxx did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes : 18. The accounts available etypes : 23  -133  -128. Changing or resetting the password of xxxxxx will generate a proper key.

The clients are Windows 7, there are only 2008R2 DCs in the domain.  The DFL/FFL is 2008R2.

I can understand the client requesting etype 18 (AES default for Windows 7) but I don't undertsand why the account only has available etype of 23 (RC4) or the negative ones, whatever they are.

Also, what does the missing key ID of 2 bit mean?

I'm pretty sure that these events are harmless enough as we're not getting a slew of calls for people not being able to log on, I'm just curious why an account in a 2008R2 domain on a Win7 client doesn't have etype 18 available.

Any help much appreciated,
Stan
0
Comment
Question by:Stanner-UK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40533722
You need to reset the password of the account referenced in the message.  The solution is in the error message, also a TechNet reference to the event id:

http://technet.microsoft.com/en-us/library/cc733991(v=ws.10).aspx

Dan
0
 
LVL 3

Expert Comment

by:Bahloul
ID: 40535282
Hi,

to fulfill this you must delete the stored password on the client machine then reset their password the root cause here because many users saved there password in some integrated applications .
0

Featured Post

Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question