Discussion:
Key Distribution Center (KDC) cannot find a suitable certificate
(too old to reply)
Kane
2008-07-24 05:50:00 UTC
Permalink
I found this warning on my Windows Server 2008 Domain Controller, does it
cause any big problem to my domain? We do not use any smart card logon
mechanism.

"The Key Distribution Center (KDC) cannot find a suitable certificate to use
for smart card logons, or the KDC certificate could not be verified. Smart
card logon may not function correctly if this problem is not resolved. To
correct this problem, either verify the existing KDC certificate using
certutil.exe or enroll for a new KDC certificate."

I also found a document here
http://technet2.microsoft.com/WindowsServer2008/en/library/d232a005-5aa3-41ea-b96a-da905e5e5a471033.mspx.
to recommend what to do but when I go through the steps, I do not see any
existing certificate there.

Should I just request for a new certificate? Do I need to backup something
before request for a new certificate?

What happen if I do not use certificate?

thanks!
--
Kane
Jorge Silva
2008-07-24 13:13:59 UTC
Permalink
Hi
Check this at PKI newsgroups
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
Meinolf Weber
2008-07-24 16:17:15 UTC
Permalink
Hello kane,

In my testdomain i also get the warning, but it works without any problem.
So think if you do not work with certificate services in your domain you
can ignore this event. You need a Certification Authority for renewing the
certificate.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Post by Kane
I found this warning on my Windows Server 2008 Domain Controller, does
it cause any big problem to my domain? We do not use any smart card
logon mechanism.
"The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be
verified. Smart card logon may not function correctly if this problem
is not resolved. To correct this problem, either verify the existing
KDC certificate using certutil.exe or enroll for a new KDC
certificate."
I also found a document here
http://technet2.microsoft.com/WindowsServer2008/en/library/d232a005-5a
a3-41ea-b96a-da905e5e5a471033.mspx. to recommend what to do but when I
go through the steps, I do not see any existing certificate there.
Should I just request for a new certificate? Do I need to backup
something before request for a new certificate?
What happen if I do not use certificate?
thanks!
Loading...