KDC can not find a suitable certificate for smart card logon
-
Thursday, May 03, 2012 5:47 PM
Hi,
I am continuously finding the following error in my Event Viewer. Please suggest a solution:
"The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate."
- Moved by Bruce-Liu (Moderator) Monday, May 07, 2012 6:56 AM (From: Server Core)
All Replies
-
Monday, May 07, 2012 6:56 AM (Moderator)
Hi,
Does your domain have a certification authority (CA) installed? If not, this message is by-design behavior. The Kerberos-Key-Distribution-Center (KDC) service repeats this check in order to see if there is an existing, workable certificate or if a new one is present. In this case the error handling does not take into account a non-CA environment. If there is no CA in your domain, you can ignore this event or install a CA in the domain. Please refer to this article:
You receive a Key Distribution Center "Event ID: 29" event message on a Windows Server 2008-based domain controller
http://support.microsoft.com/kb/967623
If there is a CA in the domain, request a new domain controller certificate from the CA. For more information, see the following Microsoft Knowledge Base article: http://technet.microsoft.com/en-us/library/cc734096.aspx
Hope this helps.
Regards,
Bruce
- Marked As Answer by Bruce-Liu (Moderator) Thursday, May 10, 2012 7:59 AM
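
The check described in the event text and the answer above, as an added example that is not part of the original thread: it inventories the domain controller's computer certificate store and then runs the certutil verification the event message points to. The "Usable" criteria (private key, validity period, Server Authentication EKU, chain builds) are an assumption made for this example, not Microsoft's definition of a suitable KDC certificate.

```powershell
# Added example; run in an elevated PowerShell session on the domain controller.
# Assumption (not from the thread): a usable certificate has a private key, is within
# its validity period, carries the Server Authentication EKU and builds a trusted chain.
$ekuNames = @{
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
}
$serverAuth = '1.3.6.1.5.5.7.3.1'
$now = Get-Date
$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # Collect the EKU OIDs from the Enhanced Key Usage extension, if the certificate has one.
    $oids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $oids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    # Build the chain with the default policy (includes an online revocation check).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        EKUs        = ($oids | ForEach-Object { if ($ekuNames[$_]) { $ekuNames[$_] } else { $_ } }) -join '; '
        ChainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Usable      = ($cert.HasPrivateKey -and $now -ge $cert.NotBefore -and
                       $now -le $cert.NotAfter -and ($oids -contains $serverAuth) -and $chainOk)
    }
}
$report | Select-Object Subject, Thumbprint, NotAfter, EKUs, Usable, ChainErrors | Format-List
if (-not ($report | Where-Object { $_.Usable })) {
    Write-Warning 'No certificate in LocalMachine\My passed the checks. With no CA in the domain the event can be ignored; otherwise request a new domain controller certificate.'
}
# Verification with certutil.exe, as the event message suggests.
certutil.exe -dcinfo verify
```

An empty report matches the no-CA case described in the answer; a certificate listed with ChainErrors such as an untrusted root or a revocation failure matches the "could not be verified" half of the event text.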

