RE: Warnings in eventlog. KDC Event ID: 20
From: David Pharr [MSFT] (dpharr_at_microsoft.com)
Date: 04/20/04
Date: Tue, 20 Apr 2004 01:41:29 GMT
On the problem DC, open the certificates snap-in, go to the Certificates
(Local Computer) - Personal - Certificates store and verify that the DC has
a valid certificate whose Intended Purpose indicates Client Authentication,
Server Authentication.
Also, verify that the Certification Chain validates to the root
certificate.
On the Details tab of the certificate check to see if the Smart Card Logon
Object Identifier (1.3.6.1.4.1.311.20.2.2) is listed in the Enhanced Key
Usage field.
If any of the above is not correct you will need to correct it.
If the above is in place, export the domain controller certificate using
the default settings, give it a name and export it to a folder. Copy the
certutil.exe, certadm.dll and certcli.dll from the windows\system32 folder
to that same folder.
Open a command prompt, navigate to that folder, and run the following
command:
    certutil -verify -urlfetch filename.cer > urlfetch.txt
where you replace filename.cer with the domain controller certificate file
you exported.
Please send me the urlfetch.txt along with the domain controller
certificate and I'll review it.
David Pharr, dpharr@microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Sadretdinov Vadim" <vadim@cnit.ssau.ru>
| Subject: Warnings in eventlog. KDC Event ID: 20
| Date: Fri, 16 Apr 2004 15:26:11 +0500
|
| Hello!
| On W2003AS, I am getting the following warning in the event log every few hours:
|
| Event Type: Warning
| Event Source: KDC
| Event Category: None
| Event ID: 20
| Date: 15.04.2004
| Time: 10:17:30
| User: N/A
| Computer: MORFEUS
| Description:
| The currently selected KDC certificate was once valid, but now is invalid
| and no suitable replacement was found. Smartcard logon may not function
| correctly if this problem is not remedied. Have the system administrator
| check on the state of the domain's public key infrastructure. The chain
| status is in the error data.
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
| What is wrong? And how do I correct this trouble?
| Thanks!
|
|
|
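The manual checks listed in the reply (validity, Enhanced Key Usage entries, chain to the root) can also be scripted. The following is an added example, not part of the original thread or any Microsoft tooling; it assumes PowerShell is available on the DC and is run elevated. The Client Authentication and Server Authentication OIDs are the standard values supplied here; the Smart Card Logon OID is the one quoted in the reply.

```powershell
# Added example: audit certificates in Certificates (Local Computer) - Personal
# against the checks described in the reply. Read-only; changes nothing.
$required = [ordered]@{
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'   # standard OID (assumption: not on the page)
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'   # standard OID (assumption: not on the page)
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'        # OID quoted in the reply
}
$x509 = 'System.Security.Cryptography.X509Certificates'

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the OIDs from the Enhanced Key Usage extension, if one is present.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    $missing = $required.Keys |
        Where-Object { $ekuOids -notcontains $_ } |
        ForEach-Object { $required[$_] }

    # Build the chain to a trusted root, checking revocation online for every
    # element, which is the part that fails when CRL/AIA URLs are unreachable.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        WithinDates   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        MissingEKU    = ($missing -join ', ')   # empty when all three are listed
        ChainValid    = $chainOk
        ChainStatus   = $status                 # empty when the chain built cleanly
    }
} | Format-List
```

A non-empty ChainStatus such as RevocationStatusUnknown or PartialChain points at the same CRL and AIA retrieval problems that the certutil -verify -urlfetch output reports in more detail.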