KDC error 7 & KCC error 1311

  • Thread starter Thread starter mike
  • Start date Start date
M

mike

I have gotten KDC eventid 7 errors on two W2K DC's in an
AD domain. When they get the errors the next morning no
one can interactively log onto the servers even locally,
they need to be powered off. The one server has been
consistently getting KCC error 1311 events, the link seems
to be very slow from it to the rest of the DC's in the
domain. I am not able to find much on these errors (from
technet or eventid.net), or why a power down is required.
I have used a patch from Microsoft that did not help fix
the issue. I have removed and readded the brigdehead Site
connectors in hopes that the auto generated links would re-
generate (which they did) and fix the problem, but the
1311 errors came back every 15 Mins and the KDC 7 errors
are still happening intermitently. Anyone have any
suggestions?
Mike
 
In
mike said:
I have gotten KDC eventid 7 errors on two W2K DC's in an
AD domain. When they get the errors the next morning no
one can interactively log onto the servers even locally,
they need to be powered off. The one server has been
consistently getting KCC error 1311 events, the link seems
to be very slow from it to the rest of the DC's in the
domain. I am not able to find much on these errors (from
technet or eventid.net), or why a power down is required.
I have used a patch from Microsoft that did not help fix
the issue. I have removed and readded the brigdehead Site
connectors in hopes that the auto generated links would re-
generate (which they did) and fix the problem, but the
1311 errors came back every 15 Mins and the KDC 7 errors
are still happening intermitently. Anyone have any
suggestions?
Mike
Click to expand...

Common cause I've seen with this issue is the clocks are off on the DCs
and/or clients. Kerberos has a 5 minute skew allowance. Anything more than 5
will cause errors.

Check to make sure all your clocks are synched up and in the same time zone
or relative time zones with their relative times, such as EST is Zulu (or
GMT) - 5. If PST, and it's set to 1pm, and EST on another server is set to
4pm, then we;re ok. If both are set to 1pm and one server is PST and the
other is EST, then we're 3 hours out of synch, and Kerberos balks at it.

If the clocks are set properly, then see this link for more info on the
errors you're getting:
http://www.eventid.net/display.asp?eventid=1311+&source=


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top