KDC Certificate Availability

Applies To: Windows Server 2008

Kerberos uses certificates to encrypt communication between the Kerberos client and the Kerberos Key Distribution Center (KDC).

Events

Event ID Source Message

19

Microsoft-Windows-Kerberos-Key-Distribution-Center

This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate.

20

Microsoft-Windows-Kerberos-Key-Distribution-Center

The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data.

29

Microsoft-Windows-Kerberos-Key-Distribution-Center

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

Kerberos Key Distribution Center

Core Security