Disabled Kerberos Key Distribution Prevents Exchange Services from Starting (316710)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Exchange 2000 Server
This article was previously published under Q316710
SYMPTOMS
You may experience any of the following symptoms:
- When you start a Windows 2000-based server, you may experience long delays while the Preparing Network Connections, Loading Your Personal Settings, and Applying Your Personal Settings screens appear.
- The following services may not start during the startup process:
  - Microsoft Exchange System Attendant
  - Microsoft Exchange Information Store
  - Microsoft Exchange MTA stacks
  - Microsoft Exchange IMAP4
  - Microsoft Exchange POP3
  - Intersite Messaging
- When you try to use the Active Directory Users and Computers snap-in, you may receive the following error message:
  Naming information cannot be located because:
  No authority could be contacted for authentication.
  Contact your system administrator that your domain is properly configured and is currently online.
- You may see a red X next to the domain object for your domain in the Active Directory Users and Computers snap-in. You may receive the following error message:
  Windows cannot connect to the new domain because:
  No authority could be contacted for authentication.
- Any of the following events may be logged in the Application or System event logs:
Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 1005
Description:
Unexpected error A local error has occurred. Facility: Win32 ID no:
8007203b Microsoft Exchange System Attendant occurred.
Event Type: Information
Event Source: MSExchangeSA
Event Category: General
Event ID: 1004
Description:
Microsoft Exchange System Attendant failed to start.
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: None
Event ID: 2064
Description:
Process INETINFO.EXE (PID=1264). All the remote DS Servers in use are
not responding.
Event Type: Information
Event Source: Oakley
Event Category: None
Event ID: 542
Description:
The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions. All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encryption. Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption. This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption. If this is the case, please contact your network administrator.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Description:
Windows cannot determine the user or computer name. Return value (1908).
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5775
Description:
Deregistration of the DNS record '_gc._tcp.domainname.com.
600 IN SRV 0 100 3268 servername.domainname.com.'
failed with the following error:
DNS bad key.
Data:
0000: 39 23 00 00 9#..
(Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5775
Description:
Deregistration of the DNS record
'_ldap._tcp.gc._msdcs.domainname.com. 600 IN SRV 0 100 3268 servername.domainname.com' failed with the following error:
DNS bad key.
Data:
0000: 39 23 00 00 9#..
(Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID:
Description: Deregistration of the DNS record
'_gc._tcp."domainname.com. 600 IN SRV 0 100 3268
"servername.domainname.com.' failed with the following error:
DNS bad key.
Data:
0000: 39 23 00 00 9#..
(Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)
Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Description:
The redirector was unable to initialize security context or query
context attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ........
0008: 00 00 00 00 da 0b 00 80 .......?
0010: 00 00 00 00 5e 00 00 c0 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 68 04 00 00 5e 00 00 c0 h.......
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Description:
The Microsoft Exchange Information Store service depends on the Microsoft Exchange System Attendant service which failed to start because of the following error:
%%0
Event Type: Error
Event Source: Service Control Manager
Event Category: General
Event ID: 7001
Description:
The Microsoft Exchange POP3 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:
The dependency service or group failed to start.
Event Type: Warning
Event Source: MRxSmb
Event Category: General
Event ID: 3034
Description:
The redirector was unable to initialize security context or query context attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ........
0008: 00 00 00 00 da 0b 00 80 .......?
0010: 00 00 00 00 5e 00 00 c0 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 68 04 00 00 5e 00 00 c0 h.......
Event Type: Error
Event Source: Service Control Manager
Event Category: General
Event ID: 7001
Description:
The Microsoft Exchange IMAP4 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:
The dependency service or group failed to start.
Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Description:
Application popup: Service Control Manager : At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details.
Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event ID: 3034
Description:
The redirector was unable to initialize security context or query context attributes.
Data:
0000: 00 00 08 00 02 00 56 00 ......V.
0008: 00 00 00 00 da 0b 00 80 .......?
0010: 00 00 00 00 5e 00 00 c0 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 68 04 00 00 5e 00 00 c0 h.......
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5775
Description:
Deregistration of the DNS record
'_kerberos._tcp.dc._msdcs.domainname.com. 600 IN SRV 0 100 88
"servername.domainname.com.' failed with the following error:
DNS bad key.
Data:
0000: 39 23 00 00 9#..
(Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5775
Description:
Deregistration of the DNS record
'_kerberos._tcp.domainname.com. 600 IN SRV 0 100 88
"servername.domainname.com".' failed with the following error:
DNS bad key.
Data:
0000: 39 23 00 00 9#..
CAUSE
Active Directory requires the Kerberos Key Distribution Center service for authentication. The symptoms that are described earlier in this article may occur if the Kerberos Key Distribution Center service is disabled.
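A triage helper for the situation described above, added here as an example and not part of the original Microsoft article: it parses event records in the text layout shown under SYMPTOMS and counts those whose source and ID appear in this article's list. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# (source, event ID) pairs listed under SYMPTOMS in this article.
KDC_SYMPTOM_EVENTS = {
    ("MSExchangeSA", 1005), ("MSExchangeSA", 1004), ("MSExchangeDSAccess", 2064),
    ("Oakley", 542), ("Userenv", 1000), ("NETLOGON", 5775), ("MRxSmb", 3034),
    ("Service Control Manager", 7001), ("Application Popup", 26),
}
FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Description):\s*(.*)$")

def parse_events(text):
    """Split text in the 'Event Type: ...' layout shown above into dicts."""
    records, current, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            current = {"Event Type": m.group(2), "Description": ""}
            records.append(current)
            in_desc = False
        elif m and current is not None:
            current[m.group(1)] = m.group(2)
            in_desc = m.group(1) == "Description"
        elif line == "Data:":
            in_desc = False                       # hex dump is not description text
        elif in_desc:
            current["Description"] = (current["Description"] + " " + line).strip()
    return records

def kdc_symptom_hits(text):
    """Count records whose (source, ID) is one of the article's symptom events."""
    hits = Counter()
    for rec in parse_events(text):
        eid = rec.get("Event ID", "")
        key = (rec.get("Event Source", ""), int(eid) if eid.isdigit() else None)
        if key in KDC_SYMPTOM_EVENTS:             # blank or damaged IDs never match
            hits[key] += 1
    return hits

# Constructed sample export (not from a real server); the last record has a blank ID.
SAMPLE_LOG = "\n".join([
    "Event Type: Error", "Event Source: NETLOGON", "Event ID: 5775", "Description:",
    "Deregistration of the DNS record failed with the following error:", "DNS bad key.",
    "Data:", "0000: 39 23 00 00",
    "Event Type: Information", "Event Source: MSExchangeSA", "Event ID: 1004",
    "Description: Microsoft Exchange System Attendant failed to start.",
    "Event Type: Error", "Event Source: NETLOGON", "Event ID:", "Description: blank ID",
])
```

Matches are only a prompt to check the startup type of the Kerberos Key Distribution Center service; the article lists these events as ones that may be logged, not as proof of the cause.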
RESOLUTION
To turn on the Kerberos Key Distribution Center service:
- Click Start, point to Programs, click Administrative Tools, and then click Services.
- In the list of services, double-click Kerberos Key Distribution Center.
- Change the Startup Type setting to Automatic.
- Click OK.
- Restart the server.
STATUS
This behavior is by design.
REFERENCES
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
217098 Basic Overview of Kerberos Authentication in Windows 2000
231789 Local Logon Process for Windows 2000
Modification Type: Major
Last Reviewed: 11/19/2003
Keywords: kbprb KB316710