- Service: Messenger - See ME268091
- Service: User Name mapping - See ME833605
- Service: SNMP - See ME163595
- Service: SMS Remote Control Agent - As per Microsoft: "This problem may occur if the Systems Management Server site property setting for Windows NT Remote Control is configured to use a protocol that is not installed on the Windows NT target system". See ME191335 for more details.
- Service: Server - See ME266054
- Service: Backup Exec Job Engine - See the link to "Veritas Support Document ID: 23870".
- Service: Backup Exec Server - See "Veritas Support Document ID: 269216".
- Service: Backup Exec (tm) Remote Agent for Windows Servers - See "Veritas Support Document ID: 276906".
- Service: Citrix Licensing WMI - See "Citrix Support Document ID: CTX108390".
- Service: OfficeScanNT RealTime Scan - See "Trend Micro Support Solution ID: 127190".
- Service: Kerberos Key Distribution Center - From a newsgroup post: "Per my research, Event ID 20 and 7022 could occur if the current Win2k3 SP1 machine cannot contact a valid CA (Certificate Authority). A CA can issue many different types of certificates, and smart card is one among them. For example, you installed CA on one DC and removed CA from it; however, the Win2k3 SP1 machine still wants to contact the original CA. In this case, Event ID 20 is logged.
Once the CA has been taken down, the certificates that have been issued to all the domain controllers need to be removed. This can be done quite easily using DSSTORE.EXE from the Resource Kit. To remove old domain controller certificates, use the following steps.
At the command prompt on a domain controller, type "certutil -dcinfo deleteBad"
To do so:
1. Install the Windows Support Tools from the Support\Tools folder in the Windows Server 2003 DC.
2. Go to command prompt, type "certutil -dcinfo deleteBad" (without the quotation marks)
3. Clean out KDC 20 warnings in the System Event Log.
4. Restart the DC and then check if the issue is fixed.
I suspect that the issue may be related to the DCOM protocol. Windows Server 2003 SP1 introduces enhanced default security settings for the DCOM protocol. Specifically, SP1 introduces more precise rights that give an administrator independent control over local and remote permissions for launching, activating, and accessing COM servers.
As the Windows Server 2003 Certificate Services provides enrollment and administration services by using the DCOM protocol, I suspect that it may be the cause of the problem.
1. Please check to ensure that a new security group, CERTSVC_DCOM_ACCESS, has been created after applying SP1.
2. Please add the "Domain Users", "Domain Computers", "Domain Controllers" groups to the new CERTSVC_DCOM_ACCESS security group.
3. Then, we can have Certificate Services update the DCOM security settings by running the following commands:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
Please check if the problem has been fixed.
Reissue a domain controller certificate:
1. Click Start -> Run -> type "mmc" (without the quotation marks) and press Enter.
2. Click File -> Add/Remove Snap-in. Click the Add button and select Certificate snap-in. Select Computer account.
3. In the certificate console, navigate to Personal\Certificates. Right-click the folder and choose Request new certificate.
4. Follow the wizard to request a Domain Controller certificate.
5. Reboot the computer to see if the problem is resolved".
This event appears when a service is stuck in the start pending state. The service failed to indicate that it is making progress within the time period indicated in its last status message. See MSW2KDB for more details on this problem.