Event 29: Warning in Error Log - Can you Help me Track it Down?
I have two new Server 2008 standard domain controllers in a new environment and am receiving this error in the event log:The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.This error is specifically mentioned on this MS url:http://technet.microsoft.com/en-us/library/cc734096.aspxHowever, I've followed the steps and can confirm that there are no certificates in the Personal folder on eitherdomain controller AND an attempt to request a certificate fails.Runningcertutil -dcinfo verifyBrings us:0: LONDC021: LONDC01*** Testing DC[0]: LONDC02** Enterprise Root Certificates for DC LONDC02No certs in Ent Root store!Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)** KDC Certificates for DC LONDC020 KDC certs for LONDC02No KDC Certificate in MY storeKDC certificates: Cannot find object or property. 0x80092004 (-2146885628)*** Testing DC[1]: LONDC01** Enterprise Root Certificates for DC LONDC01No certs in Ent Root store!Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)** KDC Certificates for DC LONDC010 KDC certs for LONDC01No KDC Certificate in MY storeKDC certificates: Cannot find object or property. 0x80092004 (-2146885628)CertUtil: -DCInfo command FAILED: 0x80092004 (-2146885628)CertUtil: Cannot find object or property.Does anyone know how to solve this issue? Many thanks!
August 27th, 2008 1:21pm

Hi, From the output of the certutil command, I think that there is no CA installed in this environment and you have not installed any third party domain controller certificates. This event is logged on the Windows Server 2008 Domain Controllers which do not have Domain Controller certificate. However, if there is no CA installed in your environment and you are not using smart card logon, it will not cause any problems and you can ignore this warning. For more information about smart card logon and certificate service in Windows Server 2008, please refer to the following links: Active Directory Certificate Services http://technet.microsoft.com/en-us/library/cc770357.aspx Windows Vista Smart Card Infrastructure http://msdn.microsoft.com/en-us/library/bb905527.aspx Smartcard in 2008 and Vista..National ID card? No UPN? No EKU? No problem! http://blogs.msdn.com/spatdsg/archive/2008/04/17/smartcard-in-2008-and-vista.aspx
Free Windows Admin Tool Kit Click here and download it now
August 29th, 2008 11:34am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics