An "Error 1352" Message Is Displayed When You Attempt to Start the Kerberos Key Distribution Center Service (295381)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q295381 SYMPTOMS
When you attempt to start the Kerberos Key Distribution Center (KDC) service on a Windows 2000-based server, you may receive the following error message:
Error 1352:
The Security Accounts Manager (SAM) or Local Security Authority (LSA) server was in the wrong state to perform the security operation.
The following event is logged in the system event log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 4/12/2001
Time: 1:17:13 PM
User: N/A
Computer: W2KSrv1
Description:
The Kerberos Key Distribution Center service terminated with the following error:
The Security Accounts Manager (SAM) or Local Security Authority (LSA) server was in the wrong state to perform the security operation.
CAUSE
This behavior can occur when the server that the Kerberos KDC service attempts to start on is not a domain controller. In this situation, by default, the Startup Type of service on the server that is not a Windows 2000-based domain controller is set to Disabled.
RESOLUTION
To work around this behavior, set the Kerberos KDC service Startup Type to Disabled on member servers. This service must be set to Automatic only if the server is an Active Directory domain controller.
STATUS
This behavior is by design.
MORE INFORMATION
The Kerberos KDC service cannot run on a member server or a stand-alone server.
The Kerberos KDC service can only be run on a Windows 2000-based Active Directory domain controller.
| Modification Type: | Minor | Last Reviewed: | 1/27/2006 |
|---|
| Keywords: | kbenv kberrmsg kbprb KB295381 |
|---|
|