none
KDC Error Messages when Rebooting Domain Controller RRS feed

  • Question

  • I'm getting some messages on my DC's, but it only seems to happen right after a reboot.  My environment has two domain controllers, both running Windows Server 2019 core.  When I reboot either of the two the servers, I'm often seeing the error messages shown below which appear moments after the server comes back up.

    What is causing these error messages to appear after DC reboots?

    Both DC's have no other roles.  Both DC's have about 23 GB of free space.  The servers are using between 75%-85% memory (3GB allocated).  Small environment less than 100 users.  Both servers passed all DCDIAG.exe tests, with the exception of the syslog test, which references the errors in this post, as well as a DCOM message and WinRM service not listening for WS-Management requests.

    ----------------------------------------------------

    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          1/27/2020 8:39:12 AM
    Event ID:      7
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DCNAME2.domain.local
    Description:
    The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was 懀�嚎䍉㳛䫪 and lookup type 0x100.

    ----------------------------------------------------

    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          1/27/2020 8:39:12 AM
    Event ID:      7
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      DCNAME2.domain.local
    Description:
    The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was san and lookup type 0x0.


    Monday, January 27, 2020 5:09 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.


    From AD side, we can check DC health and AD environment health as below:

    1. We can check DC health with Dcdiag /v on both DC.

    2. And whether AD replication is OK with repadmin /showrepl and repadmin /replsum on both DCs.

    3. Check whether Netlog and SYSVOL folders are shared with net share command. 

    4. Check if we can run gpupdate /force on both DCs successfully.


    If all the above are OK, we can try to restart both DCs to see if it helps.

    For the error message, we can refer to the following link.

    Event ID 7 — Security Accounts Manager Availability
    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd363930(v=ws.10)?redirectedfrom=MSDN




    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 28, 2020 7:19 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?
    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 30, 2020 6:48 AM
    Moderator
  • Hi,

    Please check this link : Microsoft-Windows-Kerberos-Key-Distribution-Center


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Sunday, February 2, 2020 10:27 PM
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!
    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 3, 2020 6:29 AM
    Moderator
  • Hi,
     
    Just want to confirm the current situations.
     
    Please feel free to let us know if you need further assistance.
     
    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 5, 2020 4:04 AM
    Moderator
  • Hi Daisy,

    Thank you for the messages.  I performed the dcdiag commands and the repadmin steps.  Everything looks very normal.  The problem only appears right after a reboot so unfortunately that didn't resolve the issue.

    The server is running core and there is little on it outside of Symantec Endpoint Protection and a monitoring software.  I'm going to uninstall this monitoring software and see if the issue gets resolved.

    Saturday, February 15, 2020 12:00 AM