Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 29 Source: Microsoft-Windows-Kerberos-Key-Distribution-Center

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
According to ME967623, this is expected for a Windows 2008 domain controller that is part of a domain that does not have a certification authority (CA) installed. The Kerberos-Key-Distribution-Center (KDC) service repeats this check in order to see if there is an existing, workable certificate or if a new one is present. In this case the error handling does not take into account a non-CA environment. See the link for resolution.

* * *

From a support forum: "I had the same problem and, unable to find any other guidance, tried installing the AD Certificate Services Role, which automatically created a root cert in the Personal store and allowed me to create a DC certificate."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.