Question : KDC Service Hung - Event ID: 7022 - SBS2003

We've recently gone a bit green and consolidated 3 of our Windows Server 2003 servers onto a single SBS2003 box.

Preiously... Server 1 - DC / File,  Server 2 - Exchange, Server 3 - BES Express

So we followed all the steps to transfer the foles, change the global catalogs etc.  Everything seems to be functioning however there are still a few errors that are occuring.  When I restart the server, it takes an extra long time to reboot and finally pops the message up saying one or more services had failed to start...   System Event log is showing:

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7022
Date:            4/4/2008
Time:            11:39:05 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Kerberos Key Distribution Center service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

About 30 seconds later another error shows:
Event Type:      Error
Event Source:      Print
Event Category:      None
Event ID:      33
Date:            4/4/2008
Time:            11:39:46 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FIC-SERVER
Description:
The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


no idea if they're releated.

As another note shortly before the KDC Service error the System Log shows 7 LsaSrv errors

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:10 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server LDAP/FIC-SERVER.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:17 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server ldap/fic-server.fluidimagery.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:18 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server cifs/127.0.0.1.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:18 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server LDAP/Localhost.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:21 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server ldap/FIC-SERVER.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:21 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server ldap/127.0.0.1.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            4/4/2008
Time:            11:38:23 PM
User:            N/A
Computer:      FIC-SERVER
Description:
The Security System detected an authentication error for the server .  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    



I know they're pretty similiar, but I thought I'd post them all incase I'm missing something.  There was a post I saw about the 7022 error being related to a godaddy cert that was installed without installing the ceicw default cert first but that didn't help.

Answer : KDC Service Hung - Event ID: 7022 - SBS2003

Try this:

Stop the Kerberos KDC service, set it to disabled and restart the computer.
Then reset the computer account password using netdom resetpwd (detailed syntax here: http://support.microsoft.com/kb/260575 -works for 2003 also)
Then set the Kerberos KDC service back to Automatic and restart once more.

This will reset the computer account password and the KDC issue.

I had the same problem last week and this resolved it.

I also had another server with the same issue and this was because there was no PTR record (reverse lookup) in DNS for the server and adding this resolved it.  So check for the PTR record first (SPNEGO uses reverse lookup).

Cheers,

J
Random Solutions  
 
programming4us programming4us