KDC Event ID 26 (dsforum2wiki)

KDC Event ID 26 (dsforum2wiki)

If you have a domain that consists of a mixed environment of Windows Server 2003 and 2008 domain controllers and if the client computers are Windows Vista or later, you will see the following error message reported in the Windows Server 2003 domain controller Event Log (a similar error, Event 27 is also generated for ticket-granting service (TGS) requests) :

Event Type:  Error 
Event Source: KDC 
Event Category: None 
Event ID: 26 
Date:  
Time:  
User: N/A
Computer: Computer_Name 
Description: While processing an AS request for target service krbtgt, the account computer_name$ did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes were 18. The accounts available etypes were 23 -133 -128 3 1 -140. 


The cause of this KDC event is the client computer is sending a service ticket request with an etype that is not supported by the Windows Server 2003 domain controller (the etype is supported for the Windows 2008 domain controller). This event is informing the client as to what etype it supports. The Windows Vista or later client computers are falling back to the supported types.

For more information see the following articles:


Event ID 26 - KDC Encryption Type Configuration
 (http://technet.microsoft.com/en-us/library/cc734055(WS.10).aspx)

Kerberos Enhancements (http://technet.microsoft.com/en-us/library/cc749438.aspx)

KB 978055 (http://support.microsoft.com/kb/978055)

Related References
This article was derived from the DS forum post, EventID 26 & 27 : KDC: suitable keys (http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/29f55875-f3ee-476c-9d74-94f1b74edb31)

Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)