Home > Event Id > Did Not Have A Suitable Key For Generating A Kerberos Ticket (the Missing Key Has An Id Of 8)

Did Not Have A Suitable Key For Generating A Kerberos Ticket (the Missing Key Has An Id Of 8)


Join the IT Network or Login. I am able to demote the 2k3 server, but am intentionally keeping it as a second DC for redundancy. Ficher King, sis you apply the HotFix as well to your 2008R2 DC? In the Group Policy Management Console (GPMC)..." Thai Pepper Jan 11, 2013 Ccraddock Consulting, 1-50 Employees Ignore this warning if your planning on getting rid of your server 2003 servers as http://itivityglobal.com/event-id/0x80040a02-dsc-e-no-suitable-cdc.html

You must have the Active Directory Domain Service role service installed My Win 2008 domain controller is 32bit. Login here! Thanks for your help. 0 Message Author Closing Comment by:fisher_king ID: 373032582011-12-17 The GP changes in the MS KB article appear to have fixed the problem. Home Best Practices Manuals Good Stuff Home > Server 2003, Server 2008 R2 > KDC Event ID 26 and 27 logged on 2003DC KDC Event ID 26 and 27 logged on https://support.microsoft.com/en-us/kb/2002141

Did Not Have A Suitable Key For Generating A Kerberos Ticket (the Missing Key Has An Id Of 8)

Close Box Join Tek-Tips Today! The accounts available etypes were %5. That being said, we are a ski area and are about to open our mountain for winter operations, so I'm disinclined to disjoin the 2k3R2 machine. How to resolve this issue?

You must download and install the Windows Server Resource Kit before you can use Klist.exe.   To view cached Kerberos tickets by using Klist:   1.      Log on to a Kerberos Sree Edited by learn4share Thursday, October 02, 2008 9:58 PM Thursday, October 02, 2008 9:54 PM Reply | Quote Answers 0 Sign in to vote Hi,   Kerberos allows certain encryption Concepts to understand: What is Kerberos? Event Id 27 E1cexpress or get rid of the old 2003 DC so domain will use better AES encryption.

What is TGS? Event Id 27 Network Link Is Disconnected The accounts available etypes were 23 -133 -128 3 1.

Sep 29, 2011 While processing a TGS request for the target server krbtgt/INT.NORPAC.COM, the account [email protected] did not have a suitable I found that article previously. If the Kerberos authentication works properly, you can safely ignore the events.

Also, can anyone comment on what kind of errors might be seen on the client side? Event Id 27 E1dexpress The requested etypes were 18. Resolve Configure an available encryption type Kerberos supports several encryption types that are used to encrypt the tickets. My 2003 BDC is generating more and more of these as we get more and more Win 7 clients on the network.

Event Id 27 Network Link Is Disconnected

In a larger environment, this would generally be … Storage Software Windows Server 2008 Disaster Recovery Configuring Storage Pools in Backup Exec 2012 Video by: Rodney To efficiently enable the rotation Go Here TheEventId.Net for Splunk Add-onassumes thatSplunkis collecting information from Windows servers and workstation via the Splunk Universal Forwarder. Did Not Have A Suitable Key For Generating A Kerberos Ticket (the Missing Key Has An Id Of 8) x 24 Private comment: Subscribers only. Tgs Request For The Target Server The client is too small to justify the new hardware required for a second 2k8 DC.

But I have to agreed that this isn't completely answered as in the word 'resolved'.Yours Truly Online, Uli the Maui Tech Guru Helping people with computers in Maui Hawaii. navigate here If you are using a non-Microsoft Kerberos client to request a ticket from a Windows-based Kerberos server, the Kerberos client must support the same encryption type. because one of our customers has the same problem as typed above. on local GPO and DC this option is not configured: DES-CBC-MD5 DES-CBC-CRC AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC I need to enable one of this method? Event Id 27 E1iexpress

Edited by Morgan Che [MSFT]Moderator Friday, October 03, 2008 9:01 AM addd Marked as answer by Morgan Che [MSFT]Moderator Tuesday, October 07, 2008 10:01 AM Friday, October 03, 2008 8:52 AM The accounts available etypes were 23 -133 -128 3 1.

Dec 11, 2012 While processing a TGS request for the target server krbtgt/EUROMIDS.LOCAL, the account [email protected] did not have a suitable The requested etypes were 18. Check This Out Join UsClose

Get 1:1 Help Now Advertise Here Enjoyed your answer? Event Id 16 Kerberos-key-distribution-center Type klist tickets, and then press ENTER. These "errors" should go away once that is removed as everything else is 2008 and newer.

Friday, August 05, 2011 9:01 PM Reply | Quote 0 Sign in to vote Update: My solution has been to accelerate my work to get rid of my 2003 domain controllers.

IT solutions Proudly powered by WordPress. Anyone have any answers besides what is listed above. Are you an IT Pro? Event Id 27 Windows Update Client Leave a Reply Cancel reply Enter your comment here...

Hence it fails one of the pre-requisits listed in any of the fixes (incl. The issue is solved by the hotfix described in ME978055. After searching around seems that older server 2003 doesn't support AES in Kerberos and hence alerts, some suggests ignoring if authentication still works but I don't like these red flags in this contact form Here is W2K8 R2 SP1 - C:\>klist tickets [...] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) [...] Session Key Type: RSADSI RC4-HMAC(NT) Here is W2K3 SP2: C:\>klist tickets Cached Tickets:

Join 4 other followers Top ClicksNone Top Create a free website or blog at WordPress.com. %d bloggers like this: IT solutions Tips and tricks for Microsoft WIndows servers Skip to The faulty DC had only two cached tickets, another running DC had four. Can anyone confirm whether or not that is the correct fix? Of late, have been getting numerous Event ID 27 and source KDC errors on the windows server 2003 r2 which states: While processing a TGS request for the target server krbtgt/amanua.net,

i try to use hotfix: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=978055&kbln=en-us but i see information when hotfix unpackage: "This update does not apply to this computer." Windows 7 and 2008 R2 clients worked without problem's. Rebooted the DC in an attempt to "reload" the ticket cache. Thanks for the response, I truly appreciate it. 0 Message Author Comment by:fisher_king ID: 385781222012-11-07 There is no loss of functionality that I have seen. Type: Error Description:While processing a TGS request for the target server the account did not have a suitable key for generating a Kerberos ticket (the missing key has an

Resources Join | Advertise Copyright © 1998-2017 ENGINEERING.com, Inc. Registration on or use of this site constitutes acceptance of our Privacy Policy. Login Join Community Windows Events KDC Ask Question Answer Questions My Profile ShortcutsDiscussion GroupsFeature RequestsHelp and SupportHow-tosIT Service ProvidersMy QuestionsApp CenterRatings and ReviewsRecent ActivityRecent PostsScript CenterSpiceListsSpiceworks BlogVendor PagesWindows Events Event 27 We're logging this on a 2003 Server R2 DC.

x 48 Christophe Lubrano di Ciccone This happened to me in a Active Directory 2003 Forest -native mode with Windows 2008 R2 SP1 DCs recently installed and SAP JEE. All rights reserved. all I get is a runtime error.