Event submitted by Sang Kim
Event ID:
20
Source:
KDC

Message:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data.


Solution by Sang Kim
Fri Mar 10 12:25:48 -0500 2006

If an Active Directory CA was removed, Domain Controllers will display this error until they get a new certificate from a different CA.

Run "certutil -dcinfo deleteBad" to remove the offending certificates. The DCs should then get new ones the next time Autoenrollment runs.



User Information
 
Please note Only an Email address is required for returning users.

Email: *
Name / Alias:
Hide Name

Solution
Your solution: *

Additional Links
Name:
URL:
Spam Protection
Complete the following: 'Jack and Jill went up the ???