Link to home
Start Free TrialLog in
Avatar of InSearchOf
InSearchOfFlag for United States of America

asked on

Event ID 29 KDC Win 2008 R2 DC

I am getting a KDC error in my event viewer. "The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified." I do have a CA in my environment. When I go the steps of requesting a cert I get the attached error. I am trying this logged in as the domain admin. The server I am trying it on is a Win 2008 R2 DC.
CertRequest.docx
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Your CA isn't configured properly, or there's a firewall blocking the communication between the DC and CA (Or the CA is turned off), or you have a stand-alone CA. That enrollment system requires an RPC request to the CA, and the CA must be on the domain for it to work, so if RPC traffic isn't allowed through firewalls or the CA is stand-alone, you can't use that wizard for certificate request.

That said, are you using smart cards in your environment? If not, you can safely ignore this issue.
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

Thanks for the info Adman.
1. The CA is not standalone
2. It is not powered off
3. The CA is on the domain
4. This is a DC
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Are you using Smart cards for authentication in your environment?
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

No smart cards. All my other Domain Controllers have the cert
ASKER CERTIFIED SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of InSearchOf
InSearchOf
Flag of United States of America image

ASKER

OK. Thanks for info. Much appreciated.