KDC Certificate Availability
Applies To: Windows Server 2008 R2
Kerberos uses certificates to encrypt communication between the Kerberos client and the Kerberos Key Distribution Center (KDC).
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-Kerberos-Key-Distribution-Center |
This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate. | |
Microsoft-Windows-Kerberos-Key-Distribution-Center |
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data. | |
Microsoft-Windows-Kerberos-Key-Distribution-Center |
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate. |