Fixing KDC Authentication Problems when upgrading your domain and forest functional level from 2003 to 2008 R2
We just lately upgraded our Domain and Forest Functional Level from 2003 to 2008 R2, after a day or so I began having issues connecting to various 2008 R2 Hyper-S Virtual Machines. When trying to join I would obtain the next error:
An Authentication Error Has Occurred. The Encryption Type Requested Is not supported by the KDC
At across the similar time we additionally had one in every of our Exchange 2010 Transport Servers cease servicing shoppers, when I tried to open the Exchange administration console on the native server console ended with a HTTP server error standing 500 and “Kerberos” authentication failed. So I determined to have a look by means of the occasion viewer to see what was up.
As a part of Exchange there’s an Active Directory Topology Service which can scan your setting for Active Directory Servers each quarter-hour or so, all the trade providers depend on this service (should you ever have to restart all trade providers, merely restart the AD Topology Service). In the appliance occasion log I observed the next error message:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=xxxx). Topology discovery failed, error zero×80040952 (LDAP_LOCAL_ERROR (Client-aspect inner error or dangerous LDAP message))….
There have been additionally points with the Exchange STORE service with the next two occasions:
Process STORE.EXE (PID=xxxx). All Global Catalog Servers in forest DC=xxx,DC=xx,DC=xx will not be responding.
Process STORE.EXE (PID=xxxx). All Domain Controller Servers in use will not be responding
The relatively easy decision to all this hassle is just to restart the KERBEROS DISTRIBUTION KEY or KDC service on all Domain controllers. While merely restarting the Service will clear up the issue, you’re in all probability higher off simply doing a correct restart after upgrading your functional ranges, solely from 2003 to 2008 / 2008 R2.