Event ID 20 KDC certificate was once valid, but now is invalid
There is an error message that I am getting on a Domain Controller. Can anyone tell me how to solve it? Below are the error details:
"The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data."
Re: Event ID 20 KDC certificate was once valid, but now is invalid
I think that in case an Active Directory CA was removed, the domain controllers will display the error that you are getting until they get a new certificate from a different CA. You can try to run this command: certutil -dcinfo deleteBad
And see if that removes the offending certificates. The DCs will then get new ones the next time Autoenrollment runs, which is provided by the Certificate Services that are reinstalled. In any case, the error might go away.
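As an added worked example (not part of the original reply), the following PowerShell script wraps the certutil cleanup above in a before/after check so you can see which certificate the KDC could select and why its chain fails, which is the "error data" Event ID 20 refers to. It assumes you run it elevated on the affected DC, that the KDC certificate lives in Cert:\LocalMachine\My, and that it carries the KDC Authentication (1.3.6.1.5.2.3.5) or Server Authentication (1.3.6.1.5.5.7.3.1) EKU; the Event 20 provider-name filter is also an assumption.

```powershell
# Added example, not code from the original post. Run elevated on the DC that logs Event ID 20.
# Assumption: KDC candidates are machine-store certs with a private key and one of these EKUs.
$KdcEkus = @('1.3.6.1.5.2.3.5', '1.3.6.1.5.5.7.3.1')   # KDC Authentication, Server Authentication

function Get-KdcCandidateCertificate {
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList.ObjectId | Where-Object { $KdcEkus -contains $_ })
    }
}

function Test-KdcCertificateChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Build the chain the same way the KDC would: full path to a trusted root, online revocation check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    $ok = $chain.Build($Cert)
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Issuer     = $Cert.Issuer
        NotAfter   = $Cert.NotAfter
        ChainValid = $ok
        # e.g. "PartialChain" when the issuing CA was removed, "RevocationStatusUnknown" when no CRL is reachable
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

# 1. What the KDC could pick right now, and why each candidate's chain fails.
Write-Host '== KDC candidate certificates before cleanup =='
Get-KdcCandidateCertificate | ForEach-Object { Test-KdcCertificateChain $_ } | Format-Table -AutoSize

# 2. certutil's own view of every DC certificate in the domain (read-only).
certutil -dcinfo verify

# 3. Remove the certificates whose chain no longer builds, as the reply suggests.
certutil -dcinfo deleteBad

# 4. Trigger autoenrollment now instead of waiting for the next scheduled run.
certutil -pulse

# 5. Confirm a valid replacement exists. If this list is empty or still invalid, the CA or
#    template side (CA reinstalled, template published, DC allowed to enroll) still needs fixing.
Write-Host '== KDC candidate certificates after cleanup =='
Get-KdcCandidateCertificate | ForEach-Object { Test-KdcCertificateChain $_ } | Format-Table -AutoSize

# 6. Recent Event ID 20 entries; no new ones after the next KDC certificate selection means it is resolved.
#    Assumption: the provider name contains "Kerberos-Key-Distribution-Center".
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 20 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Kerberos-Key-Distribution-Center*' } |
    Select-Object TimeCreated, Message
```

The chain-status column is the useful part: a PartialChain status points at a missing or removed issuing CA (what deleteBad cleans up), while RevocationStatusUnknown or RevocationOffline points at an unreachable CRL, which deleteBad will not fix and autoenrollment will simply reproduce.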