System Services: Kerberos Key Distribution CenterID: oval:org.secpod.oval:def:22734 | Date: (C)2015-01-07 (M)2023-07-31 |
Class: COMPLIANCE | Family: windows |
The Kerberos Key Distribution Center service enables users to log on to the network and be authenticated by the Kerberos version 5 (v5) authentication protocol.
As in other implementations of the Kerberos protocol, the Kerberos Key Distribution Center (KDC) is a single process that provides two services:
Authentication Service. This service issues ticket-granting tickets (TGTs) for connection to the ticket-granting service in its own domain or in any trusted domain. Before a client computer can request a ticket to another computer, it must request a TGT from the authentication service in its account domain. The authentication service returns a TGT for the ticket-granting service in the target computer's domain. The TGT can be reused until it expires, but first access to any domain's ticket-granting service always requires the client computer to contact the authentication service in its account domain.
Ticket-granting service. This service issues tickets for connection to computers in its own domain. When a client computer wants to access another computer, it must request a TGT and ask for a ticket to the computer. The ticket can be reused until it expires, but first access to any computer always requires contact with the ticket-granting service in the target computer's account domain.
If the Kerberos Key Distribution Center service stops, users will be unable to log on to the network and access resources.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Kerberos Key Distribution Center
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kdc!Start
Platform: |
Microsoft Windows Server 2012 R2 |