Ingolfur has written a blog post and a TechNet Wiki article describing how a Windows Server 2008 R2 certification authority (CA) parses certificates, especially those from a third-party, non-Microsoft CA. He also covers the Key Distribution Center (KDC) enhanced key usage (EKU) object identifiers (OIDs) and, in the blog post, KDC event ID 29.
TechNet Wiki article: Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA
Blog post: Smartcard logon using certificates from a 3rd party on a Domain Controller and KDC Event ID 29
Typo: The link to the TechNet Wiki article has "uhttp" as protocol. Remove the u and the link works.