Link to home
Start Free TrialLog in
Avatar of Donna Johnson
Donna JohnsonFlag for United States of America

asked on

KDC authentication issues EventID37 after installation of KB5007192 on two DCs

After installation of Windows update KB5007192 from patch Tuesday, November 9th, 2021, we are getting a lot of Kerberos authentication warnings, Event ID # 37, on both of our domain controllers that are running Windows Server 2016 (1607) desktop experience.  Microsoft released a supposed fix KB5008601 on Sunday, November 14th, 2021.  We have installed KB5008601 on one of our domain controllers, but we haven't seen any change.  We are still getting the warning events.  

Avatar of McKnife
McKnife
Flag of Germany image

Avatar of Donna Johnson

ASKER

We have installed the new out of band update but it did not resolve the issue.
Above, you edited and said, you installed it on one out of two DCs. Needs to ne done on both.
We have installed it on both but know change.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
In reference to KB5008380, we are seeing event ID 35 TGT without the PAC attribute buffer that states "The Key Distribution Center (KDC) encountered a ticket-granting-ticket (TGT) from another KDC (“<KDC Name>”) that did not contain a PAC attributes field."  

If we add the the RED_DWORD with a value of 1 for key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc, will prevent the Event ID 35 from showing up anymore on both our domain controllers?


Try it, follow Microsoft's suggestions. I guess it will help.
Today's date is Monday, November 29th, 2021:
The latest event id 35 or 37 on both of our domain controllers was logged on Monday, November 22nd, 2021.
We aren't sure if this means that the issue is fixed or if PCs and laptops were shutdown last week due to the
Thanksgiving holiday week.  

We plan to continue to monitor the domain controllers for the above event ids.

Thank you for your help.  
Thank you for your help.  We haven't seen warning 35 or 37 show up again since November 22nd, 2021.  Today is December 1st, 2021.