Announcement

Collapse
No announcement yet.

KDC Error

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • KDC Error

    Hello,
    I have a problem and would appreciate your input.

    I get this error msg on my dc (windows server 2003):
    The currently selected KDC certificate was once valid,
    but now is invalid and no suitable replacement was found.
    Smartcard logon may not function correctly if this problem is not remedied.
    Have the system administrator check on the state of the domain's public key infrastructure.
    The chain status is in the error data.
    event 20 KDC

    and on an admin workstation I get:

    The Security System detected an attempted downgrade attack for server cifs/ The failure code from authentication protocol Kerberos was "The user account has been
    automatically locked because too many invalid logon attempts or password change attempts
    have been requested.

    event id 40690 LSASRV

    Does it mean I have to reissue a new certificate on the DC to stop this from happening?

  • #2
    Re: KDC Error

    Hi,

    To resolve this issue, remove all the invalid domain controller certificates, as follows:
    • At a command prompt, type the following command, and then press ENTER:

    Certutil -dcinfo deleteBad
    • At the command prompt, type exit, and then press ENTER to close the command prompt.
    • Remove all the Key Distribution Center (KDC) "Event ID: 20" instances from the Event Viewer System log.
    • Restart the domain controller
    Ref: http://support.microsoft.com/kb/939088

    Cheers
    Last edited by L4ndy; 20th February 2009, 11:48. Reason: Added possible resolution to the post.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: KDC Error

      ok. but do you think this is what causing the other error and an admin lockout?
      I mean event LSASRV

      Comment


      • #4
        Re: KDC Error

        Yes, I think they are related. But try to resolve this first and see if the other problem re-appears.
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR

        Comment


        • #5
          Re: KDC Error

          thx. I will try soon and let you know if it helped

          Comment

          Working...
          X