|
Question : KDC Service Hung - Event ID: 7022 - SBS2003
|
|
We've recently gone a bit green and consolidated 3 of our Windows Server 2003 servers onto a single SBS2003 box.
Preiously... Server 1 - DC / File, Server 2 - Exchange, Server 3 - BES Express
So we followed all the steps to transfer the foles, change the global catalogs etc. Everything seems to be functioning however there are still a few errors that are occuring. When I restart the server, it takes an extra long time to reboot and finally pops the message up saying one or more services had failed to start... System Event log is showing:
Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7022 Date: 4/4/2008 Time: 11:39:05 PM User: N/A Computer: FIC-SERVER Description: The Kerberos Key Distribution Center service hung on starting.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
About 30 seconds later another error shows: Event Type: Error Event Source: Print Event Category: None Event ID: 33 Date: 4/4/2008 Time: 11:39:46 PM User: NT AUTHORITY\SYSTEM Computer: FIC-SERVER Description: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
no idea if they're releated.
As another note shortly before the KDC Service error the System Log shows 7 LsaSrv errors
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:10 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server LDAP/FIC-SERVER. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:17 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server ldap/fic-server.fluidimagery.local. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:18 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server cifs/127.0.0.1. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:18 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server LDAP/Localhost. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:21 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server ldap/FIC-SERVER. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:21 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server ldap/127.0.0.1. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 4/4/2008 Time: 11:38:23 PM User: N/A Computer: FIC-SERVER Description: The Security System detected an authentication error for the server . The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request. (0xc000005e)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 5e 00 00 c0 ^..À
I know they're pretty similiar, but I thought I'd post them all incase I'm missing something. There was a post I saw about the 7022 error being related to a godaddy cert that was installed without installing the ceicw default cert first but that didn't help.
|
|
Answer : KDC Service Hung - Event ID: 7022 - SBS2003
|
|
Try this:
Stop the Kerberos KDC service, set it to disabled and restart the computer. Then reset the computer account password using netdom resetpwd (detailed syntax here: http://support.microsoft.com/kb/260575 -works for 2003 also) Then set the Kerberos KDC service back to Automatic and restart once more.
This will reset the computer account password and the KDC issue.
I had the same problem last week and this resolved it.
I also had another server with the same issue and this was because there was no PTR record (reverse lookup) in DNS for the server and adding this resolved it. So check for the PTR record first (SPNEGO uses reverse lookup).
Cheers,
J
|
|
|
|