Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You receive a Key Distribution Center "Event ID: 29" event message on a Windows Server 2008-based domain controller

You receive a Key Distribution Center "Event ID: 29" event message on a Windows Server 2008-based domain controller

View products that this article applies to.

Source: Microsoft Support

↑ Back to the top

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

↑ Back to the top

Symptom



Consider the following scenario:


·         You are using a Microsoft Windows Server 2008 domain controller.


·         The domain controller is part of a domain that does not have a certification authority (CA) installed.


·         You receive the following event message in the Event Viewer System log:


 


Log Name: System


Source: Microsoft-Windows-Kerberos-Key-Distribution-Center


Date: 10/13/2008 1:56:30 PM


Event ID: 29


Task Category: None


Level: Warning


Keywords: Classic


User: N/A


Computer: computer name


Description:


The Key Distribution Center (KDC) cannot find a suitable certificate to use for


smart card logons, or the KDC certificate could not be verified. Smart card logon


may not function correctly if this problem is not resolved. To correct this


problem, either verify the existing KDC certificate using certutil.exe or enroll


for a new KDC certificate.

↑ Back to the top

Cause



This is by design behavior.


The Kerberos-Key-Distribution-Center (KDC) service repeats this check in order to see if there is an existing, workable certificate or if a new one is present. In this case the error handling does not take into account a non-CA environment.

↑ Back to the top

Resolution



To resolve this issue use one of the following methods:


 


·         If there is no CA in your domain, you can ignore this event.


·         Install a CA in the domain.


·         If there is a CA in the domain, request a new domain controller certificate from the CA. For more information, see the following Microsoft Knowledgebase article: http://technet.microsoft.com/en-us/library/cc734096.aspx

 


·         Make sure that the DC cert was not deleted. The DC certificate should be listed in the personal store on the DC under computer certificates.


 

↑ Back to the top

More Information



This issue may also occur because of invalid domain controller certificates. Domain controller certificates may become invalid if you remove a CA that was installed in the domain. After you remove the CA, the domain controller still tries to contact the CA. To resolve this issue, remove all the invalid domain controller certificates.


For more information, see the following Microsoft Knowledgebase article:


http://support.microsoft.com/default.aspx?scid=kb;EN-US;939088



For more information about Active Directory services, see the following:


 


Active Directory Certificate Services Overview


http://technet.microsoft.com/en-us/library/cc755071.aspx

 


AD CS Upgrade and Migration Overview


http://technet.microsoft.com/en-us/library/cc742479.aspx

 

↑ Back to the top

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.


TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

↑ Back to the top

Keywords: kb, kbrapidpub, kbnomt, kbnoloc

↑ Back to the top

Article Info
Article ID : 967623
Revision : 5
Created on : 8/20/2020
Published on : 8/20/2020
Exists online : False
Views : 1020