Warnings in eventlog. KDC Event ID: 20

Sadretdinov Vadim

Hello!
On W2003AS, in the event log I am getting the following warning every few hours:

Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 20
Date: 15.04.2004
Time: 10:17:30
User: N/A
Computer: MORFEUS
Description:
The currently selected KDC certificate was once valid, but now is invalid
and no suitable replacement was found. Smartcard logon may not function
correctly if this problem is not remedied. Have the system administrator
check on the state of the domain's public key infrastructure. The chain
status is in the error data.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

What is wrong? And how do I correct this trouble?
Thanks!
 
David Pharr [MSFT]

On the problem DC, open the certificates snap-in, go to the Certificates
(Local Computer) - Personal - Certificates store and verify that the DC has
a valid certificate whose Intended Purpose indicates Client Authentication,
Server Authentication.
Also, verify that the Certification Chain validates to the root
certificate.
On the Details tab of the certificate check to see if the Smart Card Logon
Object Identifier (1.3.6.1.4.1.311.20.2.2) is listed in the Enhanced Key
Usage field.
If any of the above is not correct you will need to correct it.

If the above is in place, export the domain controller certificate using
the default settings, give it a name and export it to a folder. Copy the
certutil.exe, certadm.dll and certcli.dll from the windows\system32 folder
to that same folder.
Open a command prompt, navigate to that folder, and run the following
command:
certutil -verify -urlfetch filename.cer > urlfetch.txt
where you replace filename.cer with the domain controller certificate file
you exported.

Please send me the urlfetch.txt along with the domain controller
certificate and I'll review it.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
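
The checks described in the reply above (validity dates, the three Enhanced Key Usage entries, and chain validation to the root), scripted against the Certificates (Local Computer) - Personal store. This is an added example, not part of the original thread and not Microsoft's tooling. It assumes PowerShell 3.0 or later run on the DC; the function name Test-KdcCertificate is hypothetical, and the Client/Server Authentication OIDs are the standard PKIX values rather than values quoted in the thread.

```powershell
# Added example (assumption: PowerShell 3.0+, run elevated on the domain controller).
# EKU OIDs the reply asks for; only the Smart Card Logon OID is quoted in the thread.
$required = [ordered]@{
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
}

function Test-KdcCertificate {   # hypothetical helper name
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $problems = @()

    # 1. Validity period: Event ID 20 reports a certificate that "was once valid".
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "outside validity period ($($Certificate.NotBefore) to $($Certificate.NotAfter))"
    }

    # 2. Enhanced Key Usage: collect the OIDs from the EKU extension, if present.
    $ekuOids = @($Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    foreach ($oid in $required.Keys) {
        if ($ekuOids -notcontains $oid) { $problems += "EKU missing: $($required[$oid]) ($oid)" }
    }

    # 3. Chain validation to a trusted root, with online revocation checking.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    if (-not $chain.Build($Certificate)) {
        foreach ($s in $chain.ChainStatus) {
            $problems += "chain: $($s.Status) $($s.StatusInformation.Trim())"
        }
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        NotAfter   = $Certificate.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = $problems -join '; '
    }
}

# Report every certificate in the Local Computer Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-KdcCertificate -Certificate $_ } | Format-List
```

A certificate reported with Usable = False and a chain status such as RevocationStatusUnknown or NotTimeValid points at the same PKI problems that the certutil -verify -urlfetch output would show in detail.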
--------------------
| From: "Sadretdinov Vadim" <[email protected]>
| Subject: Warnings in eventlog. KDC Event ID: 20
| Date: Fri, 16 Apr 2004 15:26:11 +0500
| Newsgroups: microsoft.public.win2000.active_directory
 
