
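Disabling Kerberos Key Distribution prevents Exchange services from starting

This article was previously published under CHS316710
Symptoms
You may experience any of the following symptoms:
  • When you start a Windows 2000-based server, you may experience a long delay while waiting for the "Preparing Network Connections", "Loading Your Personal Settings", and "Applying Your Personal Settings" screens to appear.
  • During startup, the following services may not start:
    • Microsoft Exchange System Attendant
    • Microsoft Exchange Information Store
    • Microsoft Exchange MTA Stacks
    • Microsoft Exchange IMAP4
    • Microsoft Exchange POP3
    • Intersite Messaging

  • When you try to use the Active Directory Users and Computers snap-in, you may receive the following error message: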
    Naming information cannot be located because:
    No authority could be contacted for authentication.
    Contact your system administrator that your domain is properly configured and is currently online.
  • In the Active Directory Users and Computers snap-in, you may see a red X next to the domain object for your domain. You may receive the following error message:
    Windows cannot connect to the new domain because:
    No authority could be contacted for authentication.
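  • Any of the following events may be logged in the application event log or the system event log:
    Event Type: Error
    Event Source: MSExchangeSA
    Event Category: General
    Event ID: 1005
    Description:
    Unexpected error A local error has occurred. Facility: Win32 ID no:
    8007203b Microsoft Exchange System Attendant occurred.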

    Event Type: Information
    Event Source: MSExchangeSA
    Event Category: General
    Event ID: 1004
    Description:
    Microsoft Exchange System Attendant failed to start.

    Event Type: Error
    Event Source: MSExchangeDSAccess
    Event Category: None
    Event ID: 2064
    Description:
    Process INETINFO.EXE (PID=1264). All the remote DS Servers in use are
    not responding.

    Event Type: Information
    Event Source: Oakley
    Event Category: None
    Event ID: 542
    Description:
    The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions. All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encryption. Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption. This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption. If this is the case, please contact your network administrator.

    Event Type: Error
    Event Source: Userenv
    Event Category: None
    Event ID: 1000
    Description:
    Windows cannot determine the user or computer name. Return value (1908).

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5775
    Description:
    Deregistration of the DNS record '_gc._tcp. domainname.com .
    600 IN SRV 0 100 3268 servername.domainname.com .'
    failed with the following error:
    DNS bad key.
    Data:
    0000: 39 23 00 00 9#..
    (Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5775
    Description:
    Deregistration of the DNS record
    '_ldap._tcp.gc._msdcs. domainname.com .600 IN SRV 0 100 3268
    servername.domainname.com ' failed with the following error:
    DNS bad key.
    Data:
    0000: 39 23 00 00 9#..
    (Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID:
    Description: Deregistration of the DNS record
    '_gc._tcp."domainname.com. 600 IN SRV 0 100 3268
    " servername.domainname.com .' failed with the following error:
    DNS bad key.
    Data:
    0000: 39 23 00 00 9#..
    (Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)

    Event Type: Warning
    Event Source: MRxSmb
    Event Category: None
    Event ID: 3034
    Description:
    The redirector was unable to initialize security context or query
    context attributes.
    Data:
    0000: 00 00 08 00 02 00 56 00 ........
    0008: 00 00 00 00 da 0b 00 80 .......?
    0010: 00 00 00 00 5e 00 00 c0 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: 68 04 00 00 5e 00 00 c0 h.......

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7001
    Description:
    The Microsoft Exchange Information Store service depends on the Microsoft Exchange System Attendant service which failed to start because of the following error:
    %%0

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: General
    Event ID: 7001
    Description:
    The Microsoft Exchange POP3 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:
    The dependency service or group failed to start.

    Event Type: Warning
    Event Source: MRxSmb
    Event Category: General
    Event ID: 3034
    Description:
    The redirector was unable to initialize security context or query context attributes.
    Data:
    0000: 00 00 08 00 02 00 56 00 ........
    0008: 00 00 00 00 da 0b 00 80 .......?
    0010: 00 00 00 00 5e 00 00 c0 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: 68 04 00 00 5e 00 00 c0 h.......

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: General
    Event ID: 7001
    Description:
    The Microsoft Exchange IMAP4 service depends on the Microsoft Exchange Information Store service which failed to start because of the following error:
    The dependency service or group failed to start.

    Event Type: Information
    Event Source: Application Popup
    Event Category: None
    Event ID: 26
    Description:
    Application popup: Service Control Manager: At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details.

    Event Type: Warning
    Event Source: MRxSmb
    Event Category: None
    Event ID: 3034
    Description:
    The redirector was unable to initialize security context or query context attributes.
    Data:
    0000: 00 00 08 00 02 00 56 00 ......V.
    0008: 00 00 00 00 da 0b 00 80 .......?
    0010: 00 00 00 00 5e 00 00 c0 ........
    0018: 00 00 00 00 00 00 00 00 ........
    0020: 00 00 00 00 00 00 00 00 ........
    0028: 68 04 00 00 5e 00 00 c0 h.......

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5775
    Description:
    Deregistration of the DNS record
    '_kerberos._tcp.dc._msdcs. domainname.com .600 IN SRV 0 100 88
    " servername.domainname.com .' failed with the following error:
    DNS bad key.
    Data:
    0000: 39 23 00 00 9#..
    (Where domainname.com is the local domain name and servername.domainname.com is the full computer name.)

    Event Type: Error
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5775
    Description:
    Deregistration of the DNS record
    '_kerberos._tcp. domainname.com .600 IN SRV 0 100 88
    " servername.domainname.com ".' failed with the following error:
    DNS bad key.
    Data:
    0000: 39 23 00 00 9#..
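Cause
Active Directory requires the Kerberos Key Distribution Center service for authentication. If the Kerberos Key Distribution Center service is disabled, the symptoms described at the beginning of this article may occur.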
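An added example, not part of the original article or of Microsoft's tooling: triaging the events listed above by following the Service Control Manager 7001 dependency chain to the service that failed first and collecting the authentication-related events around it. The record layout, the `AUTH_MARKERS` table and the two-symptom threshold are assumptions made for illustration.

```python
import re

# Constructed sample: (source, event ID, description) records modelled on the
# events quoted in this article; not a real log export.
SAMPLE_EVENTS = [
    ("MSExchangeSA", 1005, "Unexpected error A local error has occurred. "
     "Facility: Win32 ID no: 8007203b Microsoft Exchange System Attendant occurred."),
    ("Service Control Manager", 7001, "The Microsoft Exchange Information Store "
     "service depends on the Microsoft Exchange System Attendant service which "
     "failed to start because of the following error: %%0"),
    ("Service Control Manager", 7001, "The Microsoft Exchange POP3 service depends "
     "on the Microsoft Exchange Information Store service which failed to start "
     "because of the following error: The dependency service or group failed to start."),
    ("NETLOGON", 5775, "Deregistration of the DNS record '_kerberos._tcp."
     "domainname.com. 600 IN SRV 0 100 88 servername.domainname.com.' failed "
     "with the following error: DNS bad key."),
    ("MRxSmb", 3034, "The redirector was unable to initialize security context "
     "or query context attributes."),
]
DEPENDS = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
# Hypothetical marker table: text that ties an event to failed authentication.
AUTH_MARKERS = {("NETLOGON", 5775): "dns bad key", ("MSExchangeSA", 1005): "8007203b",
                ("MRxSmb", 3034): "unable to initialize security context",
                ("Userenv", 1000): "cannot determine the user or computer name"}

def root_failed_services(events):
    """Follow SCM 7001 'depends on' edges up to the service that failed first."""
    parent = {}
    for source, event_id, text in events:
        m = DEPENDS.search(text)
        if source == "Service Control Manager" and event_id == 7001 and m:
            parent[m.group(1)] = m.group(2)
    roots = set()
    for svc in parent:
        seen = set()
        while svc in parent and svc not in seen:  # 'seen' guards against cycles
            seen.add(svc)
            svc = parent[svc]
        roots.add(svc)
    return sorted(roots)

def triage(events):
    """Return root failures, authentication symptoms, and a KDC-check hint."""
    roots = root_failed_services(events)
    hits = sorted({(s, i) for s, i, t in events
                   if AUTH_MARKERS.get((s, i), "\0") in t.lower()})
    # Assumed heuristic: an Exchange root failure plus two or more symptoms.
    hint = any("Exchange" in r for r in roots) and len(hits) >= 2
    return {"roots": roots, "auth_symptoms": hits, "check_kdc_startup_type": hint}
```

When `check_kdc_startup_type` is true, the next step is the one this article gives: confirm the startup type of the Kerberos Key Distribution Center service in the Services console.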
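Resolution
Turn on the Kerberos Key Distribution Center service:
  1. Click Start, point to Programs, click Administrative Tools, and then click Services.
  2. In the list of services, double-click Kerberos Key Distribution Center.
  3. Change the Startup type setting to Automatic.
  4. Click OK.
  5. Restart the server.
Status
This behavior is by design.
References
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
217098 Basic Overview of Kerberos Authentication in Windows 2000
231789 Local Logon Process for Windows 2000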
Properties

Article ID: 316710 - Last Review: 10/11/2002 11:08:00 - Revision: 1.0

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Exchange 2000 Server Standard Edition