Domain Controller Kerberos Authentication Error

This event generates only on domain controllers.

Domain controller kerberos authentication error. Click start click run and then type adsiedit msc. Frame 20 shows that since kerberos failed due to an unknown service principal name the ntlmssp negotiate authentication package is selected. If i use the other domain controller both ms rpc and kerberos work.

Expand domain nc expand dc domain and then expand ou domain controllers. When the dc is in shutdown phase it will normally tell current clients to use another dc for authentication using the error code 0xc00000dc status invalid server state. I am getting error rpc netlogon failed when authentication using ms rpc against one domain controller.

Kerberos test pass fine. Frame 21 shows that the remote system sending the ntlmssp challenge this is typical back. This problem can occur when a domain controller doesn t have a certificate installed for smart card authentication for example with a domain controller or domain controller authentication template the user s password has expired or the wrong password was provided.

To resolve this problem update the registry on each computer that participates in the kerberos authentication process including the client computers. Firewalls or other network devices preventing connections from the client to the domain controller. Active directory and active directory domain services port requirements.

Network ports used by the kerberos. The server won t avoid responding to new clients on netlogon user datagram protocol udp queries. Verify that the domain controller s useraccountcontrol attribute is 532480.

Frame 22 shows that the system sent no ntlm credentials to the remote system. I built a new dc and only kerberos works against it. Check the following links for additional information.