Re: KDC service hangs on start + cert error in event log at every boot
- From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Mar 2007 07:39:13 -0500
You have, at some time, deployed a PKI in your test. You
either have let it lapse, or have removed it.
There are domain controller certificates deployed that
cannot be validated.
You need to do one of the following:
1) Remove all domain controller certs from the local
machine store of all domain controllers
2) Set up a new CA and then run
"certutil -dcinfo -DeleteALL" to delete all old
certificates. Autoenrollment will deploy the new DC
certs.
Brian
In article <jefp035phfji8q46gsu12dd9f9ohppo5d3@xxxxxxx>,
replace_name@xxxxxxxx says...
It's getting worse with every reboot (other errors start occurring), so I
guess I shouldn't have posted this to the security group. Crossposted now
and followups set to .general in an attempt to move the thread.
A small mistake in the original post: the problem didn't start after
upgrading to Server 2003 - it started after installing SP2.
The upgrade was a few days earlier, and everything looked fine then.
Now I'm wondering if it's a hardware problem (doesn't look like it - the
RAID controller and the harddisks seem OK, and chkdsk finds no errors), or if
SP2 inflicted it on me.
More below the quote.
On Fri, 30 Mar 2007 08:58:22 +0200, Lucvdv <replace_name@xxxxxxxx> wrote:
After upgrading a Win2000 server (PDC) to Server 2003 R2, I get the old 'at
least one service or driver failed to start' popup on the logon screen at
every boot.
There are two messages in the event log that look related, an error and a
warning:
error
SCM event 7022,
"The Kerberos Key Distribution service hung on starting"
warning
KDC event 20,
"The currently selected KDC certificate was once valid, but now is
invalid and no replacement was found"
I ran 'netdiag /test:kerberos /v' and 'certutil -DCInfo', neither reports
an error.
I started MMC with the certificates plugin, and looked up the KDC
certificate by the serial number that certutil reported: it is OK and still
valid until February 2009, but after a new reboot the warning and the hang
at startup both just came back.
Does anyone have an idea what might cause this?
I changed the KDC service to manual start and rebooted, just to see what it
would give.
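
A read-only PowerShell check for the condition Brian's reply describes, domain controller certificates that cannot be validated (added example, not part of the original thread). It builds the chain for every certificate in the local machine store with revocation checking, so a certificate that is still inside its validity dates but chains to a CA that no longer exists shows up as failing. The two OIDs are Microsoft's certificate template extensions; the output property names are chosen for this example.

```powershell
# Added example: read-only, deletes nothing. Run in an elevated PowerShell on the DC.
# Microsoft certificate template extensions: v1 template name, v2 template information
$templateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # $true = build the chain against the local machine certificate stores
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain

    $valid  = $chain.Build($cert)
    # Empty when the chain is fine; otherwise one entry per problem found
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Template the certificate was issued from, if the extension is present
    $template = $cert.Extensions |
        Where-Object { $templateOids -contains $_.Oid.Value } |
        ForEach-Object { $_.Format($false) } |
        Select-Object -First 1

    [pscustomobject]@{
        ChainValid  = $valid
        ChainStatus = $status
        Serial      = $cert.SerialNumber
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Template    = $template
    }
    $chain.Reset()
}

# Failing certificates sort first
$report | Sort-Object ChainValid | Format-List
```

A `ChainStatus` such as `PartialChain`, `UntrustedRoot` or `RevocationStatusUnknown` on a certificate whose `NotAfter` is still in the future points at the issuing CA or its CRL rather than at the certificate's dates.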