After installed KB890830 and KB5007247 on two DC, Microsoft-Windows-Kerberos-Key-Distribution-Center warning log is triggered nearly every 5 mins.
Also installed below fix manually.
https://support.microsoft.com/en-us/topic/kb5008603-authentication-fails-on-domain-controllers-in-certain-kerberos-scenarios-on-windows-server-2012-r2-1beea7a1-9a3c-48dd-a56d-c3cc3f5d0d50
Bus still appears those log
Please advise how to fix. Thanks.
I'm experiencing exactly the same. After installing the november updates and manually applying the out-of-band update the eventlog started filling up with these errors (sometimes also event-id 35).
Hi @EcoAxis-3844,
There is a mentioning of authentication failures with certain Kerberos delegation scenarios over here:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#2748msgdesc
I suggest installing the latest November updates and check if it fixes the issue.
Here's an article about this:
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-emergency-updates-fix-windows-server-auth-issues/
Here's also another forum thread about this:
https://community.spiceworks.com/topic/2338789-event-id-35-and-37-kerberos-on-server-2019
If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!
Best regards,
Leon
I suggest installing the latest November updates and check if it fixes the issue.
The topic is called
Server 2012 R2 std. generates Event id 37 Kerberos-Key-Distribution-Center log every 5-10 mins after applied Nov-2021 win update & kb5008603
Ok it does appear that the last Windows update have started causing these events, it is also discussed over here:
https://community.spiceworks.com/topic/2338789-event-id-35-and-37-kerberos-on-server-2019
For now there's no known official workaround/fix for this, best thing for now is to wait for Microsoft to release official information about this, perhaps in a hotfix or upcoming patch.
@LeonLaude @EcoAxis-3844 @Roxs-1469 -1469
Since we got the out of band security patch to address the previous issues.
Did we need to rollback the kb5008603 because of this warning. Is suggestable from Microsoft and AD SME's that patched already.
Both DC has installed with latest windows update and installed kb5008603 manually.
Event id 37 Kerberos-Key-Distribution-Center warning log were gone after those client computers were turned on next day. Found that log record were related to different client computer. So it liked that appeared every several minutes. Actually, every client computer name are triggered in every hour. (Not every several minutes)
Also found that less event ID 37 log were still appeared next day as those clients were not power off PC after work. The warning log won't appear again after restarted those client computers.
But still have another Event ID 35 warning log. It's related to both DC only.
Same issue as
https://community.spiceworks.com/topic/2338789-event-id-35-and-37-kerberos-on-server-2019
So this warning can be ignorable?
When client on , this warning disabled in DC.
This is described here:
https://support.microsoft.com/en-gb/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
Like many patches of Microsoft lately - this patch needs action after installing it.
Update all devices that host the Active Directory domain controller role by installing the November 9, 2021 update.
After the November 9, 2021 update has been installed on all Active Directory domain controllers for at least 7 days, we strongly suggest that you enable Enforcement mode on all Active Directory domain controllers.
Starting with the July 12, 2022 Enforcement Phase update, Enforcement mode will be enabled on all Windows domain controllers and will be required.
So these warnings are normal until all your DCs has the enforcement mode enabled. Or it is forced on July.
As it is rolled out like this - this seems to need some testing beforehand ;)
Hello, I have the same issue, someone know a fix to remediate this situation?
@ColmenaresSanchezJorgeEnrique-6866: To fix the events, you can create the registry key mentioned in the following link:
https://support.microsoft.com/en-gb/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
8 people are following this question.
