In my case, after a reboot of a Windows 2008 R2 server, KDC service did not start. Started KDC and DNS came back on line.
Apparently, this problem was fixed in Windows 2000 Service Pack 1 (see the link below) but we have received reports about this error even on systems with Service Pack 2. See ME258072
for more details.
Each instance of this problem should be approached based on the error code in the Data portion of the event. The fix for one will not apply to the other so pay attention to that. Example of codes:
Data: 3a 00 00 00 = The specified server cannot perform the requested operation.
Data: 54 05 00 00 = A specified authentication package is unknown.
Data: 2a 23 00 00 = DNS server failure.
Data: 2d 23 00 00 = DNS operation refused. Some support forums suggest that this may happen if DNS attempts to start before AD itself finished initializing.
Data: f5 25 00 00 = The directory service is unavailable.
The behavior will occur if the DNS server IP address is incorrect. See "JSI Tip 8507" to solve the problem. WITP81885
Data: 0000: f5 25 00 00 - This is a permissions issues. See ME305837
describes a situation when certain settings for the Windows event log creates this problem.
According to ME884499
, this can happen on servers with two or more network adapters. Only the first IP address can be used for DNS.
In my case, this error message came up after a crash on a single W2K AD Server. You could not log into the system with any AD account. The fix was to reboot in safe mode (AD restore) and restore AD.
The odd thing is that the next time the system crashed (a month later), the same symptoms returned. Any restore I ran that was dated after the first crash would not fix the problem. I had to use a tape that was created before the first crash that created this problem, which, then fixed the problem.