Kerberos SRV Records Not Registered in Windows 2000 DNS (256289)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q256289

SYMPTOMS

Some or all of the following records may not be listed in the DNS Forward Lookup zone for your domain.

In the _tcp folder:

_kerberos
_Kpasswd

In the _udp folder:

_kerberos
_kpasswd

CAUSE

The records are not registered if the Kerberos Key Distribution Center service is not started.

RESOLUTION

Change the startup type of the Kerberos Key Distribution Center service to Automatic:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Services.
  2. Double-click Kerberos Key Distribution Center.
  3. On the General tab, click Automatic in the Startup Type box.
  4. In the Service Status section, click Start.
  5. Click OK.
  6. Right-click the Net Logon service, and then click Stop.
  7. After the Net Logon service stops, start it again by right-clicking it and then clicking Start. Stopping and starting the Net Logon service forces registration of SRV records.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Not having the Kerberos Key Distribution Center service started does not generally cause any error messages in Event Viewer. However, some functions may not be available (such as updating the Active Directory schema). When the Kerberos Key Distribution Center service is disabled, domain authentication is performed by using the NTLM Authentication package. For more information about Kerberos authentication in Windows 2000, see the "Windows 2000 Kerberos Authentication" white paper on the following Microsoft Web site:

Modification Type:MinorLast Reviewed:3/13/2006
Keywords:kbenv kbKerberos kbprb KB256289