Event Id | 28 |
Source | Microsoft-Windows-Kerberos-Key-Distribution-Center |
Description | When generating a cross realm referal from domain %1 the KDC was not able to find the suitable key to verify the ticket. The ticket key version in the request was %2 and the available key version was %3. This most common reason for this error is a delay in replicating the keys. In order to remove this problem try forcing replication or wait for the replication of keys to occur. |
Event Information | According to Microsoft : Cause This event is logged when generating a cross realm referal from domain the KDC was not able to find the suitable key to verify the ticket. Resolution Force Active Directory replication To resolve this issue, you must force Active Directory replication by using Active Directory Sites and Services. Note: The Active Directory Domain Services (AD DS) domain that is not replicating is identified in the event log message. To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority. To force Active Directory replication by using Active Directory Sites and Services: 1.Log on to a computer that has Active Directory Sites and Services installed. It is installed by default on a domain controller. 2.Click Start, point to Administrative Tools, and then click Active Directory Sites and Services. 3.Expand the site in which the domain controller is located. 4.Expand Servers, and then expand the domain controller. 5.In the details pane, right-click the connection over which you want to replicate directory information, and then click Replicate Now. Verify To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority. To verify that Active Directory Domain Services (AD DS) replication is working correctly: 1.Log on to a domain controller within your domain. 2.Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 4.Type dcdiag /test:replications, and then press ENTER. 5.The output of the command will report whether AD DS replication was successful. |
Reference Links | Event ID 28 from Microsoft-Windows-Kerberos-Key-Distribution-Center |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.