timmoat
Technical User
- Mar 6, 2007
- 85
I have two new Server 2008 standard domain controllers in a new environment and am receiving this error in the event log:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
This error is specifically mentioned on this MS URL:
However, I've followed the steps and can confirm that there are no certificates in the Personal folder on either domain controller AND an attempt to request a certificate fails.
Running
certutil -dcinfo verify
Brings us:
0: LONDC02
1: LONDC01
*** Testing DC[0]: LONDC02
** Enterprise Root Certificates for DC LONDC02
No certs in Ent Root store!
Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
** KDC Certificates for DC LONDC02
0 KDC certs for LONDC02
No KDC Certificate in MY store
KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)
*** Testing DC[1]: LONDC01
** Enterprise Root Certificates for DC LONDC01
No certs in Ent Root store!
Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
** KDC Certificates for DC LONDC01
0 KDC certs for LONDC01
No KDC Certificate in MY store
KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)
CertUtil: -DCInfo command FAILED: 0x80092004 (-2146885628)
CertUtil: Cannot find object or property.
Does anyone know how to solve this issue?