KDC compatibility issues with 2003/2008
We have a customer that is mixing 2003/2003R2/2008/2008R2 and just about every desktop OS starting with 2000. Now, I haven't found any problems corresponding to these errors that I know of, but I don't know what symptoms it could cause and I would like to get them cleared just for peace of mind. We have 1 2003R1 domain controller and 2 2008R1 domain controllers. The 2003 server is the oldest of the bunch, of course. All 3 are being used for DNS.

On the 2003 server, we get the following KDC errors:

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 27
Date: 1/11/2011
Time: 8:30:27 AM
User: N/A
Computer: SQL1
Description: While processing a TGS request for the target server krbtgt/domain.LOCAL, the account #machineName#$@domain.LOCAL did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18. The accounts available etypes were 23 -133 -128 3 1 -140.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 26
User: N/A
Computer: SQL1
Description: While processing an AS request for target service krbtgt, the account #user# did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes were 18. The accounts available etypes were 23 -133 -128 3 1 -140.

On the 2008 controllers, there is only a warning:

Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 1/11/2011 12:06:58 PM
Event ID: 29
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: DC1.domain.local
Description: The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

As far as I can tell, the times of the events on the servers don't match up in any fashion. We have other customers with mixed environments like this and they don't get these. Ideas?
January 11th, 2011 6:11pm

Hi,

If there is no CA in your domain, you can ignore the Event ID 29. For the detailed information, please refer to the following Microsoft KB article:

You receive a Key Distribution Center "Event ID: 29" event message on a Windows Server 2008-based domain controller
http://support.microsoft.com/kb/967623

For further troubleshooting suggestions regarding the Event ID 26, 27 and 29, please also read the following Microsoft TechNet articles:

Event ID 26 — KDC Encryption Type Configuration
http://technet.microsoft.com/en-us/library/cc734055(WS.10).aspx

Event ID 27 — KDC Encryption Type Configuration
http://technet.microsoft.com/en-us/library/cc733974(WS.10).aspx

Event ID 29 — KDC Certificate Availability
http://technet.microsoft.com/en-us/library/cc734096(WS.10).aspx

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 12th, 2011 3:07am
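
Decoding the etype numbers in the Event ID 26 and 27 descriptions quoted in the question, as an added example that is not part of the original thread. The names come from the IANA Kerberos encryption type numbers; the function and field names (`diagnose`, `unsatisfied`, `aes_key_present`) are illustrative assumptions.

```python
import re

# IANA-assigned Kerberos encryption type numbers (RFC 3961, RFC 3962, RFC 4757).
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
               18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

# Description layout of KDC Event ID 26 (AS) and 27 (TGS) as quoted in the thread.
EVENT_RE = re.compile(
    r"While processing an? (?P<req>AS|TGS) request for (?:the )?target "
    r"(?:server|service) (?P<target>\S+), the account (?P<account>\S+) did not "
    r"have a suitable key .*?The requested etypes were (?P<requested>[-\d ]+?)\. "
    r"The accounts available etypes were (?P<available>[-\d ]+?)\.", re.S)

def etype_name(etype):
    """Name an etype; negative values are outside the IANA registry."""
    if etype < 0:
        return f"private({etype})"
    return ETYPE_NAMES.get(etype, f"unknown({etype})")

def diagnose(description):
    """Return the etype mismatch one event description reports, or None."""
    m = EVENT_RE.search(description)
    if m is None:
        return None
    requested = [int(x) for x in m["requested"].split()]
    available = [int(x) for x in m["available"].split()]
    return {
        "request": m["req"],
        "account": m["account"],
        "requested": [etype_name(e) for e in requested],
        "available": [etype_name(e) for e in available],
        "unsatisfied": [etype_name(e) for e in requested if e not in available],
        "aes_key_present": any(e in (17, 18) for e in available),
    }

# The two event descriptions from the question, placeholders as posted.
EVENT_27 = ("While processing a TGS request for the target server krbtgt/domain.LOCAL, "
            "the account #machineName#$@domain.LOCAL did not have a suitable key for "
            "generating a Kerberos ticket (the missing key has an ID of 8). The requested "
            "etypes were 18. The accounts available etypes were 23 -133 -128 3 1 -140.")
EVENT_26 = ("While processing an AS request for target service krbtgt, the account #user# "
            "did not have a suitable key for generating a Kerberos ticket (the missing key "
            "has an ID of 2). The requested etypes were 18. The accounts available etypes "
            "were 23 -133 -128 3 1 -140.")

if __name__ == "__main__":
    for text in (EVENT_27, EVENT_26):
        print(diagnose(text))
```

For both events it reports that the requested type 18 (AES256) is not among the key types stored for the account, which include RC4 and DES but no AES.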

This topic is archived. No further replies will be accepted.
