Solution:
If you are seeing this error, go to ALL of you Domain Controllers and restart the KERBEROS DISTRIBUTION KEY (KDC) service. I have done this on live DC’s without any errors or disruption in service.
Details:
I found the An Authentication Error Has Occured. The Encryption Type Requested Is not Supported by the KDC, intermittantly when trying to RDP to various Server 2008 and R2 servers.
Last week, I moved the Forest and Domain functional level to 2008 (from 2003) and a few days later I started seeing problems with my Exchange 2007 SP2 Server (on Hyper-V Server 2008 R1 on a 2008 R1 host). Specifically users were not able to connect to Exchange via Outlook, ActiveSync or BBerry Ent. Server 5 (which is on the same VM). I spent MANY hours chasing DNS, GPolicy, NIC and other settings but found that the problem went away after a reboot… that was on Friday.
The next day (Saturday), I had the same problem with Exchange. I found that if I ran GPUPDATE, it would error out and the event viewer would record:
error code 82 windows could not authenticate to the active directory service on a domain controller (LDAP Bind function call failed)
I also found that I could not get Exchange’s TRANSPORT SERVICE to restart. It would stop but fail to start.
Most of the articles I read said this related to DNS problems, but I am confident in my DNS config:
- all 4 DC’s point to themselves for DNS and one other DC for secondary DNS
- I can resolve host names throughout the network, including all of the DC’s and the server in question
- REPADMIN /SHOWREPL <DC-HOSTNAME> shows expected results
- DCDIAG and DCDIAG /FIX provide expected results
- I can use \\host-name\ of each DC and see the SYSVOL folder
- The Exchange 2007 Server 2008 problem server is NOT a DC; just a member server.
- there is only ONE subnet and one physical location/site.
After a while I was able to get GPUPDATE to function without error and after restarting all of the Exchange and Blackberry services, all appeared well. I made several small changes, but believe none of them resolved the issue, I think it was simply time that resolved this.
I ran Windows Updates on this Exchange 2007 Server 2008 R1 VM and rebooted without problem but the RDP issue remains.
When I Remote Desktop (RDP) to the server (from Win 7, or Server 2008 or even RDP from the host Server 2008 r2 server) but I can still log into the Exchange server via the Hyper-V console.
On the off chance this DC was a problem, I set the Exchange Server 08 VM in question to use DNS from two other DC’s, but that did not resolve the issue.
For more simple information on this KDC error, you find these references useful:
Hi,
thanks for that!
We ran into the same problem after an upgrade to 2008r2.
simply restarting the service seems to work.
Best regards
Markus
I am glad this helped.
Great post. It help a lot. Thank you Markus
Thanks for this awesome post. You saved me hours.
this fixed our error. thanks for the post!!
Thanks for sharing this. You are a beautiful person.
Well… I just don’t want to argue…
thanks.
Thanks a lot. I just upgraded our sysvol to use dfs and our dfs namespace stopped working some days later.
As per your solution restarting KERBEROS DISTRIBUTION KEY (KDC) service on both my DCs solved it.
Thanks! This was really useful.
Just a note to let you know this also solved our problem. Thanks.
Thanks Man! this solves my DC problem when it restarts over a failure on our eletrical architeture.
Simply reseting the service on the other 3 DCs solved the problem!
Thanks a lot, this helped me with Hyper-V replication problems after upgrading domain level from 2003 to 2008R2!