Avatar of Donna Johnson
Donna Johnson
Flag for United States of America asked on

KDC authentication issues EventID37 after installation of KB5007192 on two DCs

After installation of Windows update KB5007192 from patch Tuesday, November 9th, 2021, we are getting a lot of Kerberos authentication warnings, Event ID # 37, on both of our domain controllers that are running Windows Server 2016 (1607) desktop experience.  Microsoft released a supposed fix KB5008601 on Sunday, November 14th, 2021.  We have installed KB5008601 on one of our domain controllers, but we haven't seen any change.  We are still getting the warning events.  

Windows 10Windows Server 2016Windows OSAzureWSUS

Avatar of undefined
Last Comment
Donna Johnson

8/22/2022 - Mon
McKnife

Donna Johnson

ASKER
We have installed the new out of band update but it did not resolve the issue.
McKnife

Above, you edited and said, you installed it on one out of two DCs. Needs to ne done on both.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Donna Johnson

ASKER
We have installed it on both but know change.
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Donna Johnson

ASKER
In reference to KB5008380, we are seeing event ID 35 TGT without the PAC attribute buffer that states "The Key Distribution Center (KDC) encountered a ticket-granting-ticket (TGT) from another KDC (“<KDC Name>”) that did not contain a PAC attributes field."  

If we add the the RED_DWORD with a value of 1 for key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc, will prevent the Event ID 35 from showing up anymore on both our domain controllers?


McKnife

Try it, follow Microsoft's suggestions. I guess it will help.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Donna Johnson

ASKER
Today's date is Monday, November 29th, 2021:
The latest event id 35 or 37 on both of our domain controllers was logged on Monday, November 22nd, 2021.
We aren't sure if this means that the issue is fixed or if PCs and laptops were shutdown last week due to the
Thanksgiving holiday week.  

We plan to continue to monitor the domain controllers for the above event ids.

Thank you for your help.  
Donna Johnson

ASKER
Thank you for your help.  We haven't seen warning 35 or 37 show up again since November 22nd, 2021.  Today is December 1st, 2021.