密钥发行中心(KDC)找不到相应的证书用于智能卡登录,或者无法验证 KDC 证书。如果不解决该问题,智能卡登录可能不会正常工作。若要更正该问题,请使用 certutil.exe 验证现有的 KDC 证书或注册新的 KDC 证书。
2010-05-20 10:00
2096 查看
密钥发行中心(KDC)找不到相应的证书用于智能卡登录,或者无法验证 KDC 证书。如果不解决该问题,智能卡登录可能不会正常工作。若要更正该问题,请使用 certutil.exe 验证现有的 KDC 证书或注册新的 KDC 证书。
参考windows 联机帮助解决。不过是英文的,
On the domain controller in which the issue is occurring, click
Start
, and then click Run
.
Type mmc.exe
, and then press ENTER.
If the User Account Control
dialog box appears, confirm
that the action it displays is what you want, and then click
Continue
.
Click File
, and then click Add/Remove
Snap-in
.
Click Certificates
, and then click
Add
.
Click Computer account
, click Next
, and
then click Finish
.
Click OK
to open the Certificates snap-in.
Expand Certificates (Local computer)
, expand
Personal
, and then click Certificates
.
Right-click the old domain controller certificate, and then click
Delete
.
Click Yes
, confirming that you want to delete the
certificate.
After the certificate is deleted, follow the procedure in the "Request a new
certificate" section.
Expand Certificates (Local
computer)
, right-click Personal
, and then click
Request New Certificate
.
Complete the appropriate information in the Certificate Enrollment Wizard
for a domain controller certificate.
Close the Certificates snap-in.
Admins
group, or you must have been delegated the
appropriate authority.
To verify that the Kerberos Key Distribution Center (KDC) certificate is
available and working properly:
Log on to a computer within your domain.
Click Start
, point to All Programs
, click
Accessories
, right-click Command Prompt
, and
then click Run as administrator
.
If the User Account Control
dialog box appears, confirm
that the action it displays is what you want, and then click
Continue
.
At the command prompt, type certutil -dcinfo verify
, and
then press ENTER.
If you receive a successful verification, the Kerberos KDC certificate is
installed and operating correctly.
Certificate Availability
参考windows 联机帮助解决。不过是英文的,
Delete the domain controller certificate that is no longer valid
To delete the domain controller certificate that is no longer valid:On the domain controller in which the issue is occurring, click
Start
, and then click Run
.
Type mmc.exe
, and then press ENTER.
If the User Account Control
dialog box appears, confirm
that the action it displays is what you want, and then click
Continue
.
Click File
, and then click Add/Remove
Snap-in
.
Click Certificates
, and then click
Add
.
Click Computer account
, click Next
, and
then click Finish
.
Click OK
to open the Certificates snap-in.
Expand Certificates (Local computer)
, expand
Personal
, and then click Certificates
.
Right-click the old domain controller certificate, and then click
Delete
.
Click Yes
, confirming that you want to delete the
certificate.
After the certificate is deleted, follow the procedure in the "Request a new
certificate" section.
Request a new certificate
To request a new certificate:Expand Certificates (Local
computer)
, right-click Personal
, and then click
Request New Certificate
.
Complete the appropriate information in the Certificate Enrollment Wizard
for a domain controller certificate.
Close the Certificates snap-in.
Verify
To perform this procedure, you must be a member of the DomainAdmins
group, or you must have been delegated the
appropriate authority.
To verify that the Kerberos Key Distribution Center (KDC) certificate is
available and working properly:
Log on to a computer within your domain.
Click Start
, point to All Programs
, click
Accessories
, right-click Command Prompt
, and
then click Run as administrator
.
If the User Account Control
dialog box appears, confirm
that the action it displays is what you want, and then click
Continue
.
At the command prompt, type certutil -dcinfo verify
, and
then press ENTER.
If you receive a successful verification, the Kerberos KDC certificate is
installed and operating correctly.
Related Management Information
KDCCertificate Availability
相关文章推荐
- R.id或者R.layout等等在使用时后面无法找找相应空间或者布局问题的解决办法
- Linux管理工作,实例讲解工作中使用ssh证书登录的实际流程,讲解ssh证书登录的配置原理,基于配置原理,解决实际工作中,windows下使用SecureCRT证书登录的各种问题,以及实现hadoo
- Communicator使用TLS方式登录提示证书验证失败问题的解决
- 关于“打开项目**时发生问题,尝试退出并重新启动应用程序。如果问题仍然存在,则可能是由于正在使用不支持的项目版本,或者项目文件可能损坏”的问题的解决办法。
- 解决设备应用程序无法申请到内存,导致设备无法正常工作的问题---优化设备虚拟内存使用
- 工作中的问题解决 -- (win2003 asp.net) Session和带页面回传的方法无法正常使用解决方案
- NGUI panel使用soft clip时,屏幕缩放后无法正常工作的问题解决
- 使用dubbo注解@Service注册服务后使用aop或者申明式事物导致无法注册的问题解决办法
- ResGen.exe 可能无法运行,因为命令行的长度为XX个字符,超过了命令的最大长度。若要解决此问题,请 (1) 删除不需要的程序集引用,或者 (2) 缩短这些引用的路径。
- 解决MetInfo(米拓)5.3版本后伪静态无法正常使用的问题
- encodeURI与encodeURIComponent方法的区别 如果你使用的get方法提交表单肯定要考虑到输入项目的编码解码问题。 解决这个问题大家一般都使用encodeURI或者en
- expect解决ssh无法使用shell直接登录的问题
- 三步解决fiddler升级后https无法通过证书验证问题
- 在应用程序级别之外使用注册为 allowDefinition=’MachineToApplication’ 的节是错误的。如果在 IIS 中没有将虚拟目录配置为应用程序,则可能导致此错误”的解决方法
- 解决thinkphp配置中,项目目录不可写,目录无法自动生成! 请使用项目生成器或者手动生成项目目录~问题
- 在WIN10系统下运行VS2013编译成功后出现:无法启动程序“.exe” 系统找不到指定文件的问题的解决方法
- 解决Linux系统安装后,root用户无法登录,提示“无法验证用户”的错误问题
- linux下mysql 使用mysql -uroot -p输入密码无法登录问题的解决
- 关于win10周年版更新后无法正常使用vc6.0问题的解决方法
- “在应用程序级别之外使用注册为 allowDefinition=’MachineToApplication’ 的节是错误的。如果在 IIS 中没有将虚拟目录配置为应用程序,则可能导致此错误”的解决方法。