KDC - Warning system event log - Smart Card. Grrrr.
Hello, I am getting the following message: "The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate." I would think that smart cards would be something that would be "added" instead of installed by default. I found a solution here: http://technet.microsoft.com/en-us/library/cc734096%28WS.10%29.aspx But I don't have a CA, nor do I want to install OpenSSL for a self-signed cert, nor do I want to purchase a cert. Why can't I just disable this (smart card feature) altogether?
June 29th, 2010 11:01pm
Hello, if you are talking about event ID 29 from Microsoft-Windows-Kerberos-Key-Distribution-Center and you don't have a CA installed or use certificates, you can safely ignore this event. Best regards, Meinolf Weber. Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 30th, 2010 9:58am
Lol. But I don't want to ignore this event. Any hack to have the system not check for this, since smart cards are not being used? A clean log is a happy log. ;)
July 1st, 2010 1:58am
Hi, Please refer to the following KB article for more information about the event: 967623 You receive a Key Distribution Center "Event ID: 29" event message on a Windows Server 2008-based domain controller http://support.microsoft.com/default.aspx?scid=kb;EN-US;967623 This posting is provided "AS IS" with no warranties, and confers no rights.
July 1st, 2010 5:35am
I've seen that article in my research previously. :) So it sounds like there is NO possible way to just have AD recognize that we specified that we are NOT using smart cards, so DON'T look for a certificate related to this?
July 2nd, 2010 12:26am