The currently selected KDC certificate was once valid…
Posted on April 26, 2010
Description:The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain’s public key infrastructure. The chain status is in the error data.
I had this error on a domain controller that shouldn't have this error. Theres pretty much no documentation for KDC or certificate debugging.Luckily, this worked
- certutil -dcinfo deleteBad
This deletes all the bad certificates and adds any new ones that are required. You'll need Windows Support Tools.
Related posts
- Synchronizing time on a Windows 2003 domain controller
In a Windows domain environment its incredibly important that all clients & servers share the... - SSL Certificate Generation in 30 seconds*
Here's my mini guide on creating SSL certificates for use in Apache. I create a... - Ridiculously simple NTLM Authentication for Apache (Ubuntu)
We all know Ubuntu makes things amazingly simple. This is the best I've found so... - MySQL 5.0 or 5.1 to 5.5 Upgrade Traumas on CentOS
Ignoring all the panic-mongers on the rest of the internet upgrading MySQL from 5.0 or 5.1... - I heart MDB2
I recently started a project for a customer, if it's CubeCart, WordPress or BackPress based,...
About Kieran
