- Jul 18 Tue 2023 11:38
自動更新無法下載更新,並記錄事件識別碼 16
- Jul 18 Tue 2023 11:33
The SNMP Event Log Extension Agent does not initialize correctly on a computer that is running Windows Vista with Service Pack 1 or Windows Server 2008
- Jul 13 Thu 2023 10:02
widows server dfsutil /pktflush
- Jul 13 Thu 2023 09:42
Windows server 2003 Microsoft-Windows-Kerberos-Key-Distribution-Center Event Id 29
| Event Id | 29 |
| Source | Microsoft-Windows-Kerberos-Key-Distribution-Center |
| Description | The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate. |
| Event Information | According to Microsoft : Cause This event is logged when the Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Resolution Request a new domain controller certificate Kerberos uses a domain controller certificate to ensure that the authentication information sent over the network is encrypted. If the certificate is missing or is no longer valid, you must delete the domain controller certificate and then request a new one. To resolve this issue: Delete the domain controller certificate that is no longer valid. Request a new certificate. To perform these procedures, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority. Delete the domain controller certificate that is no longer valid To delete the domain controller certificate that is no longer valid: 1.On the domain controller in which the issue is occurring, click Start, and then click Run. 2.Type mmc.exe, and then press ENTER. 3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 4.Click File, and then click Add/Remove Snap-in. 5.Click Certificates, and then click Add. 6.Click Computer account, click Next, and then click Finish. 7.Click OK to open the Certificates snap-in. 8.Expand Certificates (Local computer), expand Personal, and then click Certificates. 9.Right-click the old domain controller certificate, and then click Delete. 10.Click Yes, confirming that you want to delete the certificate. 11.After the certificate is deleted, follow the procedure in the "Request a new certificate" section. Request a new certificate To request a new certificate: 1.Expand Certificates (Local computer), right-click Personal, and then click Request New Certificate. 2.Complete the appropriate information in the Certificate Enrollment Wizard for a domain controller certificate. 3.Close the Certificates snap-in. Verify To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority. To verify that the Kerberos Key Distribution Center (KDC) certificate is available and working properly: 1.Log on to a computer within your domain. 2.Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 3.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. 4.At the command prompt, type certutil -dcinfo verify, and then press ENTER. 5.If you receive a successful verification, the Kerberos KDC certificate is installed and operating correctly. |
| Reference Links | Event ID 29 from Microsoft-Windows-Kerberos-Key-Distribution-Center |
- Jul 07 Fri 2023 11:34
LDAP群組原則設定
本機原則/安全性選項
Microsoft Network Server
- Jun 16 Fri 2023 15:06
BDC使用dcdiag時檢測到錯誤
公司有兩台域控,PDC和BDC(2003 R2 SERVER),各自都有主DNS(AD集成的),昨天突然PDC宕機,BDC沒有起作用,,重啟PDC後,BDC出現異常。
用Dcdiag命令檢查,PDC沒有問題,正常;BDC發現錯誤,如下:
- Jun 16 Fri 2023 15:00
Windows Event userenv ID 5719與1053事件,Windows 無法判定使用者或電腦名稱
DC 複寫斷了, 造成各台 DC 之間不同步. 您的 dcdiag 是否只在一台 DC 上面跑過?
每一台都要跑跑看, 因為各台的狀況不一樣. 應該是 DNS 複寫出問題, 但不保證是否還有其他的問題.
另每一台 DC 也請加跑 repadmin /showrepl /all 看錯誤訊息...
這個狀況很像是有某台 DC 與其他台的 RPC 連線中斷造成的.
- Jun 16 Fri 2023 14:57
Windows server 2003 Intersite messaging service on a domain controller
Intersite Messaging (IsmServ) service enables message exchanges between computers in an environment with servers that are running the Windows Server operating system. This service is used for mail-based replication between sites. AD DS includes support for replication between sites through SMTP over IP transport. SMTP support is provided by the SMTP service.
If the Intersite Messaging service stops, messages are not exchanged, intersite messaging replication does not work, and site-routing information is not calculated for other services.
- Jun 14 Wed 2023 14:15
Windows 網路磁碟機關閉自動中斷的功能
- Jun 14 Wed 2023 08:36
windows server 2003 dhcp server backup
{{ article.title }}