| Event Id | 20 |
| Source | KDC |
| Description | The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domains public key infrastructure. The chain status is in the error data. |
| Event Information | Domain controller will display this error event in case of removal of AD(Active Directory) CA. This will continue until it will get new certificate from another CA. Run "certutil -dcinfo deleteBad" to remove the offending certificates. The DCs should then get new ones the next time Auto enrollment runs. |
| Reference Links | How to troubleshoot RPC Endpoint Mapper errors Windows Operating System (KDC) |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.