The Key Distribution Center (KDC) cannot find a suitable certificate

Published on Monday, May 24, 2010

I do not like it when a newly installed environment has event log entries other than informational events, especially if these warnings are recurring. But I guess this one is an example which can be safely ignored. By design, the KDC service periodically tries to locate a Certificate Authority to request a certificate. When no CA is present, warnings are logged.

The event: event id 29, source: Microsoft-Windows-Kerberos-Key-Distribution-Center

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.


Additional information: KB967623
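An added triage sketch (not from the original post or from Microsoft) that separates the no-CA case described above from a certificate that exists but fails validation. The seven-day window and the EKU list used to pick candidate certificates are assumptions.

```powershell
# Added example: triage KDC event 29. Run in an elevated session on the domain controller.
$provider = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
$days     = 7   # look-back window (assumption, adjust as needed)

# 1. Occurrences of event 29 in the System log within the window.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = $provider; Id = 29
    StartTime = (Get-Date).AddDays(-$days)
} -ErrorAction SilentlyContinue)

# 2. Computer-store certificates carrying an EKU found on domain controller
#    certificates. Server Authentication also matches ordinary TLS certificates,
#    so treat the result as candidates, not as proof of a KDC certificate.
$wantedEkus = @{
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
}
$now = Get-Date
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert   = $_
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $ekuExt) { return }   # no EKU extension: skip this certificate
    $hits = @($ekuExt.EnhancedKeyUsages | Where-Object { $wantedEkus.ContainsKey($_.Value) })
    if ($hits.Count -gt 0) {
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            Ekus          = ($hits | ForEach-Object { $wantedEkus[$_.Value] }) -join ', '
            NotAfter      = $cert.NotAfter
            InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
            ChainVerifies = $cert.Verify()   # basic chain build against local trust stores
        }
    }
})

# 3. Verdict: no certificate at all is the benign case; a broken one is not.
$usable = @($candidates | Where-Object { $_.InValidity -and $_.ChainVerifies })
if     ($events.Count -eq 0)     { "No event 29 in the last $days days." }
elseif ($candidates.Count -eq 0) { "Event 29 x$($events.Count), no candidate certificate: the no-CA case." }
elseif ($usable.Count -eq 0)     { "Event 29 x$($events.Count), certificate present but expired or unverifiable: check it with certutil.exe or re-enroll." }
else                             { "Event 29 x$($events.Count), yet a candidate certificate verifies locally: investigate further." }
$candidates | Format-Table -AutoSize
```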

3 Responses to The Key Distribution Center (KDC) cannot find a suitable certificate

20 April, 2011 18:53

In KB967623, there should be an alternative solution posted to replace "you can ignore these events", with instructions on how to suppress these events from being logged.
While it may be recommended to implement a CA solution, it is a far poorer practice to foster the ignorant behavior of ignoring persistent event logs.

08 May, 2011 17:26

You are absolutely right. It would be nice if you can configure a GPO for your domain controllers which would configure them for an environment with no CA present. Although these are getting more rare nowadays, I think.

09 August, 2012 15:14

I agree with both comments. I very much dislike seeing any events in my logs that are warnings or errors. I much prefer a fix or workaround other than installing a CA. However, I am glad I found a lot of information stating the same reasons for this event entry.
