Tuesday, July 12, 2011

Domain Controller Certificates for Win2K8 R2

I thought I would highlight an issue (or rather, a set of requirements) for Domain Controller certificates issued by a Symantec PKI to Windows 2008 R2 domains for smart card logon (SCLO).


If the certificate doesn't contain the necessary OIDs, you will see KDC Event 29 and KDC Event 19 errors in the Event Viewer. 


You require the following OIDs:

EKU OIDs:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2) 
KDC Authentication (1.3.6.1.5.2.3.5) 
Smartcard Logon (1.3.6.1.4.1.311.20.2.2)

Certificate template name:
DomainController

KU:
Key Encipherment
Digital Signature
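
One way to check an installed certificate against the list above, as an added example that is not from this post or the Microsoft blog it cites. It assumes the Domain Controller certificate sits in the computer's Personal store (Cert:\LocalMachine\My) and that the template name is carried in the "Certificate Template Name" extension (1.3.6.1.4.1.311.20.2); the function name Test-DcCertificate is hypothetical.

```powershell
# Added example: audit certificates in LocalMachine\My against the requirements above.
# Written to run on PowerShell 2.0 (the version shipped with Windows Server 2008 R2).
$requiredEku = @{
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smartcard Logon'
}
$requiredKu       = 'DigitalSignature', 'KeyEncipherment'
$requiredTemplate = 'DomainController'
# Assumption: the template name is in the "Certificate Template Name" extension.
$templateNameOid  = '1.3.6.1.4.1.311.20.2'

function Test-DcCertificate {   # hypothetical helper name
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $problems = @()

    # EKU: every OID from the list must be present.
    $ekuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $presentEku = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    foreach ($oid in $requiredEku.Keys) {
        if ($presentEku -notcontains $oid) { $problems += "missing EKU $($requiredEku[$oid]) ($oid)" }
    }

    # KU: both flags must be set; a certificate without the extension fails both.
    $kuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $ku = if ($kuExt) { [int]$kuExt.KeyUsages } else { 0 }
    foreach ($name in $requiredKu) {
        $flag = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]$name
        if (($ku -band $flag) -ne $flag) { $problems += "missing KU $name" }
    }

    # Template name: Format() decodes the extension value to readable text.
    $tplExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $templateNameOid }
    $tpl = if ($tplExt) { $tplExt.Format($false).Trim() } else { '' }
    if ($tpl -ne $requiredTemplate) { $problems += "template name is '$tpl', expected '$requiredTemplate'" }

    $problems
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $problems = @(Test-DcCertificate -Certificate $_)
    $result = if ($problems.Count -eq 0) { 'OK' } else { $problems -join '; ' }
    New-Object PSObject -Property @{ Subject = $_.Subject; Thumbprint = $_.Thumbprint; Result = $result }
} | Format-List Subject, Thumbprint, Result
```

Certificates in the store that were issued for other purposes will also be listed with missing items; only the Domain Controller certificate needs to report OK.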


The source for this post is a Microsoft blog, here:
http://blogs.technet.com/b/instan/archive/2011/05/17/smartcard-logon-using-certificates-from-a-3rd-party-on-a-domain-controller-and-kdc-event-id-29.aspx


Finding this information is hard, so hopefully this blog will serve as an additional source for it.
