KdsSvc (Microsoft Key Distribution) won't start

 The Microsoft Key Distribution Service is not starting on my DC (kdssvc.dll) and when I look at the event log under Microsoft\Kdssvc, I see the events:

Event ID 4001 Group Key Distribution Service failed to start. Status 0x80070020.

Event ID 4007
Group Key Distribution Service cannot connect to the domain controller on local host. Status 0x80070020. Group Key Distribution Service cannot be started because of the error. Please contact administrators to resolve the issue.

The error 0x80070020 indicates a file lock of some type.

Does anyone know how I can fix this error? Troubleshooting on the net for this is a bit sparse and is confused with the KDC.

For clarification: This question is not about Kerberos, instead it's about the service account that handles Group Managed Service Accounts (gMSA), Bitlocker, and Windows Activation Services in a corporate environment.

August 30th, 2015 12:02am

Try disabling all the software running on the DC, especially the security software like the antivirus, and try again.

If you think that troubleshooting this might take a long time and is not worth to do then, assuming you have another DC/DNS/GC server, you can consider doing the following:

  • Re-install the faulty DC
  • Seize FSMO roles that the faulty DC was holding on another DC. You can use netdom query fsmo to get the list of fsmo hoders
  • Do a metadata cleanup: Use dsa.msc and remove the faulty DC computer account then use dssite.msc and remove the faulty DC NTDS settings and its reference there
  • Promote the server you re-installed as a domain controller
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2015 2:34pm
0x80070020 = ERROR_SHARING_VIOLATION
August 31st, 2015 4:32pm
can you check the permission of that account and status of the account.
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2015 4:33pm
Hi, 
 
How is it going? Please let us know if you would like further assistance.
 
Thanks,
 

Regards,

Eth

September 3rd, 2015 11:43am
I don't think this is a complete answer because the KDC needs to be moved to another server.  Are you familliar with this?
Free Windows Admin Tool Kit Click here and download it now
September 5th, 2015 7:51am
It's a system account - NA
September 5th, 2015 7:52am

The error 0x80070020 indicates a file lock of some type.

--- Try to run procmon when start the service and look for which file causes it.

the KDC needs to be moved to another server.

----Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain.

The KDC runs on each domain controller as part of Active Directory Domain Services (AD DS). So I'd agree with Ahmed MALEK, the quickes way is to reinstall the faulty DC.

Free Windows Admin Tool Kit Click here and download it now
September 7th, 2015 1:36am
any update?
September 9th, 2015 10:11pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics