Microsoft KB Archive/316710

= Disabled Kerberos Key Distribution Prevents Exchange Services from Starting =

Article ID: 316710

Article Last Modified on 2/23/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q316710



SYMPTOMS
You may experience any of the following symptoms:  When you start a Windows 2000-based server, you may experience long delays while the Preparing Network Connections, Loading Your Personal Settings, and Applying Your Personal Settings screens appear. The following services may not start during the startup process:  Microsoft Exchange System Attendant Microsoft Exchange Information Store Microsoft Exchange MTA stacks Microsoft Exchange IMAP4 Microsoft Exchange POP3</li> Intersite Messaging</li></ul>

</li> When you try to use the Active Directory Users and Computers snap-in, you may receive the following error message:

Naming information cannot be located because:

No authority could be contacted for authentication.

Contact your system administrator that your domain is properly configured and is currently online.

</li> You may see a red X next to the domain object for your domain in the Active Directory Users and Computers snap-in. You may receive the following error message:

Windows cannot connect to the new domain because:

No authority could be contacted for authentication.

</li> Any of the following events may be logged in the Application or System event logs:

Event Type: Error

Event Source: MSExchangeSA

Event Category: General

Event ID: 1005

Description:

Unexpected error A local error has occurred. Facility: Win32 ID no:

8007203b Microsoft Exchange System Attendant occurred.

Event Type: Information

Event Source: MSExchangeSA

Event Category: General

Event ID: 1004

Description:

Microsoft Exchange System Attendant failed to start.

Event Type: Error

Event Source: MSExchangeDSAccess

Event Category: None

Event ID: 2064

Description:

Process INETINFO.EXE (PID=1264). All the remote DS Servers in use are

not responding.

Event Type: Information

Event Source: Oakley

Event Category: None

Event ID: 542

Description:

The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions. All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encryption. Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption. This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption. If this is the case, please contact your network administrator.

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1000

Description:

Windows cannot determine the user or computer name. Return value (1908).

Event Type: Error

Event Source: NETLOGON

Event Category: None

Event ID: 5775

Description:

Deregistration of the DNS record '_gc._tcp.domainname.com.

600 IN SRV 0 100 3268 .'

failed with the following error:

DNS bad key.

Data:

0000: 39 23 00 00 9#..

(Where  is the local domain name and   is the full computer name.)

Event Type: Error

Event Source: NETLOGON

Event Category: None

Event ID: 5775

Description:

Deregistration of the DNS record

'_ldap._tcp.gc._msdcs. . 600 IN SRV 0 100 3268

' failed with the following error:

DNS bad key.

Data:

0000: 39 23 00 00 9#..

(Where  is the local domain name and   is the full computer name.)

Event Type: Error

Event Source: NETLOGON

Event Category: None

Event ID:

Description: Deregistration of the DNS record

'_gc._tcp.&quot;domainname.com. 600 IN SRV 0 100 3268

&quot; .' failed with the following error:

DNS bad key.

Data:

0000: 39 23 00 00 9#..

(Where  is the local domain name and   is the full computer name.)

Event Type: Warning

Event Source: MRxSmb

Event Category: None

Event ID: 3034

Description:

The redirector was unable to initialize security context or query

context attributes.

Data:

0000: 00 00 08 00 02 00 56 00 ........

0008: 00 00 00 00 da 0b 00 80 .......?

0010: 00 00 00 00 5e 00 00 c0 ........

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

0028: 68 04 00 00 5e 00 00 c0 h.......

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7001

Description:

The Microsoft Exchange Information Store service depends on the Microsoft Exchange System Attendant service which failed to start because of the following error:

%%0

Event Type: Error

Event Source: Service Control Manager

Event Category: General

Event ID: 7001

Description:

The Microsoft Exchange POP3 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:

The dependency service or group failed to start.

Event Type: Warning

Event Source: MRxSmb

Event Category: General

Event ID: 3034

Description:

The redirector was unable to initialize security context or query context attributes.

Data:

0000: 00 00 08 00 02 00 56 00 ........

0008: 00 00 00 00 da 0b 00 80 .......?

0010: 00 00 00 00 5e 00 00 c0 ........

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

0028: 68 04 00 00 5e 00 00 c0 h.......

Event Type: Error

Event Source: Service Control Manager

Event Category: General

Event ID: 7001

Description:

The Microsoft Exchange IMAP4 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:

The dependency service or group failed to start.

Event Type: Information

Event Source: Application Popup

Event Category: None

Event ID: 26

Description:

Application popup: Service Control Manager : At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details.

Event Type: Warning

Event Source: MRxSmb

Event Category: None

Event ID: 3034

Description:

The redirector was unable to initialize security context or query context attributes.

Data:

0000: 00 00 08 00 02 00 56 00 ......V.

0008: 00 00 00 00 da 0b 00 80 .......?

0010: 00 00 00 00 5e 00 00 c0 ........

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

0028: 68 04 00 00 5e 00 00 c0 h.......

Event Type: Error

Event Source: NETLOGON

Event Category: None

Event ID: 5775

Description:

Deregistration of the DNS record

'_kerberos._tcp.dc._msdcs. . 600 IN SRV 0 100 88

&quot; .' failed with the following error:

DNS bad key. Data: 0000: 39 23 00 00 9#..

(Where  is the local domain name and   is the full computer name.)

Event Type: Error

Event Source: NETLOGON

Event Category: None

Event ID: 5775

Description:

Deregistration of the DNS record

'_kerberos._tcp. . 600 IN SRV 0 100 88

&quot; &quot;.' failed with the following error:

DNS bad key.

Data:

0000: 39 23 00 00 9#..

</li></ul>

<div class="cause_section">

CAUSE
Active Directory requires the Kerberos Key Distribution Center service for authentication. The symptoms that are described earlier in this article may occur if the Kerberos Key Distribution Center service is disabled.

<div class="resolution_section">

RESOLUTION
To turn on the Kerberos Key Distribution Center service:
 * 1) Click Start, point to Programs, click Administrative Tools, and then click Services.
 * 2) In the list of services, double-click Kerberos Key Distribution Center.
 * 3) Change the Startup Type setting to Automatic.
 * 4) Click OK.
 * 5) Restart the server.

<div class="status_section">

STATUS
This behavior is by design.

<div class="references_section">