Kerberos Key Distribution Center service hung on starting, ID 7022.

[Guest lucspec@gmail.com]

Hi all,

 

I got this message on a DC (Win 2k3 R2 SP2):

=============================================

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7022

Date: 13/12/2007

Time: 12.55.29

User: N/A

Computer: SRV01

Description:

The Kerberos Key Distribution Center service hung on starting.

=============================================

 

Beside the error, everything is working fine and all the services are

positively working locally and remotely.

 

The error originates AFTER I installed two web certificates in IIS to

have the two sites working on SSL (ports 443, 444 respectively). These

two digital certificates has been issued by a "virtual" enterprise

root CA (pratically a VM with a stand alone W2k3 Standard with AD

installed) which is, indeed, NOT online.

 

First, I installed the "vm" enterprise CA certificate under the MMC-

>CERTIFICATE snap-in -> local computer -> Trusted CA ... I

rebooted ... and I did NOT get any error from the Kerberos Key

Distribution Center.

Then I installed the pending certificates under IIS and I rebooted

again. ONLY AFTER installing the web certificates, I started getting

that error from The Kerberos Key Distribution Center service :-(

 

Any hints? :-) TIA :-)

 

L/S

[Guest Jim Willsher]

RE: Kerberos Key Distribution Center service hung on starting, ID 7022

 

RE: Kerberos Key Distribution Center service hung on starting, ID 7022

 

I realise this message is two months old, but I'm repyling SOLELY for the

benefit of search-engine indexing. I also know that the OP has Win2003 and I

have SBS 2003, but I suspect the root cause is the same.

 

I've spent the last 12 hours with this problem, on a SBS 2003 machine, and

I've finally solved it (for me, anyway).

 

I did a clean install of 2003 SBS, and applied the patches etc. I then ran

inetmgr and replaced the server certificate with my GoDaddy commercial

certificate. It is *this* stage which causes the proglem (as the OP

suggested). This is my 5th SBS 2003 installation, and the FIRST time I've

installed the cert directly rather than first creating a self-signed cert

using CEICW.

 

My solution?

 

Run inetmgr again and remove the certificate. Then run CEICW and choose to

create a new certificate. Of course this will be self-signed. THEN run

inetmgr and replace the certificate with the GoDaddy cert. And that's it! No

more Kerberos hung 7022 error!

 

My guess is that the CEICW sets up the inetmgr certificate *AND* also does

something with Kerberos, but inetmgr on its own does not touch Kerberos.

 

So in a nutshell - even if you're going to be installing a commercial

certificate, make sure you run CEICW to generate a certificate at least once.

 

Hop this helps others in the future!

 

 

Jim

 

 

 

 

"lucspec@gmail.com" wrote:

> Hi all,

>

> I got this message on a DC (Win 2k3 R2 SP2):

> =============================================

> Event Type: Error

> Event Source: Service Control Manager

> Event Category: None

> Event ID: 7022

> Date: 13/12/2007

> Time: 12.55.29

> User: N/A

> Computer: SRV01

> Description:

> The Kerberos Key Distribution Center service hung on starting.

> =============================================

>

> Beside the error, everything is working fine and all the services are

> positively working locally and remotely.

>

> The error originates AFTER I installed two web certificates in IIS to

> have the two sites working on SSL (ports 443, 444 respectively). These

> two digital certificates has been issued by a "virtual" enterprise

> root CA (pratically a VM with a stand alone W2k3 Standard with AD

> installed) which is, indeed, NOT online.

>

> First, I installed the "vm" enterprise CA certificate under the MMC-

> >CERTIFICATE snap-in -> local computer -> Trusted CA ... I

> rebooted ... and I did NOT get any error from the Kerberos Key

> Distribution Center.

> Then I installed the pending certificates under IIS and I rebooted

> again. ONLY AFTER installing the web certificates, I started getting

> that error from The Kerberos Key Distribution Center service :-(

>

> Any hints? :-) TIA :-)

>

> L/S

>

[Guest newyearguy2005@googlemail.com]

Re: Kerberos Key Distribution Center service hung on starting, ID7022

 

Re: Kerberos Key Distribution Center service hung on starting, ID7022

 

On Feb 24, 6:45 am, Jim Willsher <Jim

Wills...@discussions.microsoft.com> wrote:

> I realise this message is two months old, but I'm repyling SOLELY for the

> benefit of search-engine indexing. I also know that the OP has Win2003 and I

> have SBS 2003, but I suspect the root cause is the same.

>

> I've spent the last 12 hours with this problem, on a SBS 2003 machine, and

> I've finally solved it (for me, anyway).

>

> I did a clean install of 2003 SBS, and applied the patches etc. I then ran

> inetmgr and replaced the server certificate with my GoDaddy commercial

> certificate. It is *this* stage which causes the proglem (as the OP

> suggested). This is my 5th SBS 2003 installation, and the FIRST time I've

> installed the cert directly rather than first creating a self-signed cert

> using CEICW.

>

> My solution?

>

> Run inetmgr again and remove the certificate. Then run CEICW and choose to

> create a new certificate. Of course this will be self-signed. THEN run

> inetmgr and replace the certificate with the GoDaddy cert. And that's it! No

> more Kerberos hung 7022 error!

>

> My guess is that the CEICW sets up the inetmgr certificate *AND* also does

> something with Kerberos, but inetmgr on its own does not touch Kerberos.

>

> So in a nutshell - even if you're going to be installing a commercial

> certificate, make sure you run CEICW to generate a certificate at least once.

>

> Hop this helps others in the future!

>

> Jim

>

>

thanks Jim. i had exactly same issue with GoDaddy cert and your method

has taken care of it. many thanks!