5

The Microsoft Key Distribution Service is not starting on my DC (kdssvc.dll) and when I look at the event log under Microsoft\Kdssvc, I see the events:

Event ID 4001 Group Key Distribution Service failed to start. Status 0x80070020.

Event ID 4007
Group Key Distribution Service cannot connect to the domain controller on local host. Status 0x80070020. Group Key Distribution Service cannot be started because of the error. Please contact administrators to resolve the issue.

The error 0x80070020 indicates a file lock of some type.

Does anyone know how I can fix this error? Troubleshooting on the net for this is a bit sparse and is confused with the KDC.

For clarification: This question is not about Kerberos, instead it's about the service account that handles Group Managed Service Accounts (gMSA), Bitlocker, and Windows Activation Services in a corporate environment.

Update here is the procmon

enter image description here

makerofthings7
  • 8,821
  • 28
  • 115
  • 196

1 Answers1

0

Validate that your DC is in the Default "Domain Controller" OU or the Service will fail. This is the only apparent impact of moving a DC that we experienced.