| 0xD | 在初始化智能卡登录库时,出现一个错误: %1 |
An error occurred while initializing the smart card logon library: %1 |
| 0x00010005 | 在从插入的智能卡中检索一个数字证书时,出现一个错误: %1 |
An error occurred while retrieving a digital certificate from the inserted smart card. %1 |
| 0x00010006 | 试图验证插入的智能卡时,出现一个错误: %1 |
An error occurred in while attempting to verify the inserted smart card: %1 |
| 0x00010007 | 在使用插入的智能卡为一份消息签名时,出现一个错误: %1 |
An error occurred while signing a message using the inserted smart card: %1 |
| 0x00010008 | 在使用插入的智能卡验证一份已签字的消息时,出现一个错误: %1 |
An error occurred while verifying a signed message using the inserted smart card: %1 |
| 0x00010009 | 在验证从插入的智能卡检索的数字证书时,出现一个错误: %1 |
An error occurred while verifying the digital certificate retrieved from the inserted smart card: %1 |
| 0x0001000A | 在使用插入的智能卡加密一份消息时,出现一个错误: %1 |
An error occurred while encrypting a message using the inserted smart card: %1 |
| 0x0001000B | 在使用插入的智能卡解密一份消息时,出现一个错误: %1 |
An error occurred while decrypting a message using the inserted smart card: %1 |
| 0x0001000C | 构造证书上下文时出错: %1 |
An error occurred while building a certificate context: %1 |
| 0x0001000E | 签名消息时出错: %1 |
An error occurred while signing a message: %1 |
| 0x0001000F | 验证签名消息时出错: %1 |
An error occurred while verifying a signed message: %1 |
| 0x00010010 | 加密消息时出错: %1 |
An error occurred while encrypting a message: %1 |
| 0x00010011 | 解密消息时出错: %1 |
An error occurred while decrypting a message: %1 |
| 0x00010012 | 检索某些提供程序参数时出错: %1 |
An error occurred while retrieving some provider parameter: %1 |
| 0x00010013 | 生成随机数时出错: %1 |
An error occurred while generating a random number: %1 |
| 0x10000038 | 经典 |
Classic |
| 0x40000004 | Kerberos 客户端收到了来自服务器 %1 的 KRB_AP_ERR_MODIFIED 错误。使用的目标名称为 %3。这表明目标服务器无法解密客户端提供的票证。如果不是在目标服务正在使用的帐户上注册目标服务器主体名称(SPN),则会出现该问题。请确保仅在服务器使用的帐户上注册目标 SPN。如果目标服务使用的目标服务帐户密码与 Kerberos 密钥发行中心上配置的密码不同,也会出现该问题。请确保服务器和 KDC 上的服务均配置为使用同一密码。如果服务器名称未完全限定,并且目标域(%2)与客户端域(%4)不同,则请检查这两个域中是否有相同名称的服务器帐户,或使用完全限定的名称标识服务器。 |
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (%2) is different from the client domain (%4), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. |
| 0x40000005 | Kerberos 客户端收到了来自服务器 %1 的 KRB_AP_ERR_TKT_NYV 错误。这表明对此服务器呈现的票证还没有生效(由于票证和服务器之间的时间差异)。请与系统管理员联系,以确保客户端和服务器的时间同步,并且领域 %2 中的密钥发行中心服务(KDC)与客户端领域中的 KDC 时间同步。 |
The Kerberos client received a KRB_AP_ERR_TKT_NYV error from the server %1. This indicates that the ticket presented to that server is not yet valid (due to a discrepancy between ticket and server time. Contact your system administrator to make sure the client and server times are synchronized, and that the time for the Key Distribution Center Service (KDC) in realm %2 is synchronized with the KDC in the client realm. |
| 0x50000002 | 错误 |
Error |
| 0x50000003 | 警告 |
Warning |
| 0x50000004 | 信息 |
Information |
| 0x70000001 | Kerberos |
Kerberos |
| 0x70000002 | 最大 |
Max |
| 0x80000003 | 收到一个 Kerberos 错误消息:%n 登录会话为 %1%n 客户端时间: %2%n 服务器时间: %3%n 错误代码: %4 %5%n 扩展错误: %6%n 客户端领域: %7%n 客户端名称: %8%n 服务器领域: %9%n 服务器名称: %10%n 目标名称: %11%n 错误文本: %12%n 文件: %13%n 行: %14%n 错误数据在记录数据中。 |
A Kerberos error message was received:%n on logon session %1%n Client Time: %2%n Server Time: %3%n Error Code: %4 %5%n Extended Error: %6%n Client Realm: %7%n Client Name: %8%n Server Realm: %9%n Server Name: %10%n Target Name: %11%n Error Text: %12%n File: %13%n Line: %14%n Error Data is in record data. |
| 0x80000006 | Kerberos SSPI 包生成了大小为 %1 字节的输出令牌,大于进程 ID %3 提供的大小为 %2 字节的令牌缓冲区,因此不合适。%n %n输出 SSPI 令牌大小可能是由于用户 %4 是大量组的成员所致。%n%n建议将用户所属的组的数量降低到最小数量。如果通过减少此用户的组成员身份无法解决该问题,请与系统管理员联系以增加最大令牌大小,该值可使用下面的注册表值分别在每台计算机上进行配置: HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters\\MaxTokenSize。 |
The Kerberos SSPI package generated an output token of size %1 bytes, which was too large to fit in the token buffer of size %2 bytes, provided by process id %3.%n %n The output SSPI token size is probably the result of the user %4 being a member of a large number of groups.%n %n It is recommended to minimize the number of groups a user belongs to. If the problem can not be corrected by reducing the group memberships of this user, contact your system administrator to increase the maximum token size, which is configured on each computer individually using the registry value: HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters\\MaxTokenSize. |
| 0x8000000A | Kerberos 子系统当前无法使用 UDP 网络协议从你的域控制器检索票证。这通常是由网络问题造成的。请与系统管理员联系。 |
The Kerberos subsystem currently cannot retrieve tickets from your domain controller using the UDP network protocol. This is typically due to network problems. Contact your system administrator. |
| 0x8000000C | 通过 VPN 连接使用智能卡时,Kerberos 子系统遇到一个错误。这通常表明在 VPN 会话过程中从读卡器中抽出了卡。一个可能的解决方案是关闭 VPN 连接,重新插入卡,然后重新建立连接。 |
While using your smart card over a VPN connection, the Kerberos subsystem encountered an error. Typically, this indicates the card has been pulled from the card reader during the VPN session. One possible solution is to close the VPN connection, reinsert the card, and establish the connection again. |
| 0x8000000D | 在凭据管理器中存储的智能卡 PIN 丢失或无效。智能卡 PIN 存储在仅适用于当前交互式登录会话的内存中,如果该卡从读卡器中取出或用户注销,则会将其删除。若要解决此错误,请将该卡置于读卡器中,打开控制面板中的“凭据管理器”,然后为凭据 %1 重新输入 PIN。 |
The smart card PIN stored in Credential Manager is missing or invalid. The smart card PIN is stored in memory only for the current interactive logon session, and is deleted if the card is removed from the card reader or when the user logs off. To resolve this error, keep the card in the reader, open Credential Manager in Control Panel, and reenter the PIN for the credential %1. |
| 0x8000000E | 存储在凭据管理器中的密码无效。这可能是由于登录的用户从该计算机或其他计算机更改密码造成的。若要解决此错误,请打开控制面板中的“凭据管理器”,然后为凭据 %1 重新输入密码。 |
The password stored in Credential Manager is invalid. This might be caused by the logged on user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential %1. |
| 0x8000000F | Kerberos SSPI 包生成了大小为 %1 字节的输出令牌,大于进程 ID %3 提供的大小为 %2 字节的令牌缓冲区,因此不合适。%n%n需要修改此应用程序,以便提供大小至少为 %4 字节的令牌缓冲区。 |
The Kerberos SSPI package generated an output token of size %1 bytes, which was too large to fit in the token buffer of size %2 bytes, provided by process id %3.%n %n The application needs to be modified to supply a token buffer of size at least %4 bytes. |
| 0x80000012 | 为用户(%2)委派的 TGT 已过期。已尝试续订,但由于出现错误 %8 而失败。服务器登录会话(%1)已停止委派用户的凭据。若要以后无限制的委派成功,则用户需要再次对服务器进行身份验证。%n%nTGT 详细信息:%n 客户端: %2%n 服务器: %3%n 标志: %4%n 开始时间: %5%n 结束时间: %6%n 续订结束时间: %7 |
The delegated TGT for the user (%2) has expired. A renewal was attempted and failed with error %8. The server logon session (%1) has stopped delegating the user's credential. For future unconstrained delegation to succeed, the user needs to authenticate again to the server. %n%nTGT Details:%n Client: %2%n Server: %3%n Flags: %4%n Start Time: %5%n End Time: %6%n Renew Until: %7 |
| 0x80000013 | 域控制器的 KDC 证书不包含 KDC 扩展密钥用法(EKU): 1.3.6.1.5.2.3.5: 错误代码 %1。当使用 Windows Server Certificate Service 创建基于 Kerberos 身份验证模板的证书时,域管理员将需要获取包含该域控制器的 KDC EKU 的证书以解决此错误。 |
The KDC certificate for the domain controller does not contain the KDC Extended Key Usage (EKU): 1.3.6.1.5.2.3.5: Error Code %1. The domain administrator will need to obtain a certificate with the KDC EKU for the domain controller to resolve this error. When using Windows Server Certificate Services create a certificated based on the Kerberos Authentication Template. |
| 0x80000014 | 域控制器的 KDC 证书在使用者可选名称(SAN)属性中没有域 %1 的 DNS 名称: 错误代码 %2。当使用 Windows Server Certificate Service 创建基于 Kerberos 身份验证模板的证书时,域管理员将需要获取包含该域控制器 SAN 属性中 DNS 域名的 KDC 证书以解决此错误。 |
The KDC certificate for the domain controller does not have the DNS name of domain %1 in the Subject Alternative Name (SAN) attribute: Error Code %2. The domain administrator will need to obtain a KDC certificate with the DNS domain name in the SAN attribute for the domain controller to resolve this error. When using Windows Server Certificate Services create a certificated based on the Kerberos Authentication Template. |
| 0x90000001 | Microsoft-Windows-Security-Kerberos |
Microsoft-Windows-Security-Kerberos |
| 0x90000002 | Operational |
Operational |
| 0xB0000064 | 服务主体名称(SPN) %1 未注册,这导致 Kerberos 身份验证失败: %2。请使用 setspn 命令行工具注册 SPN。 |
The service principal name (SPN) %1 is not registered, which caused Kerberos authentication to fail: %2. Use the setspn command-line tool to register the SPN. |
| 0xB0000065 | 已在多个帐户上注册服务主体名称(SPN) %1,这导致 Kerberos 身份验证失败: %2。请使用 setspn 命令行工具标识这些帐户并删除重复的注册。 |
The service principal name (SPN) %1 is registered on multiple accounts which caused Kerberos authentication to fail: %2. Use the setspn command-line tool to identify the accounts and remove the duplicate registrations. |
| 0xB0000066 | Kerberos 密钥发行中心(KDC) %1 的证书信任验证失败: %2。请使用 CAPI2 诊断跟踪来标识验证失败的原因。 |
Trust validation of the certificate for the Kerberos Key Distribution Center (KDC) %1 failed: %2. Use the CAPI2 diagnostic traces to identify the reason for the validation failure. |
| 0xB0000067 | %1 的客户端证书的信任验证失败: %2 (在 KDC 上)。请使用 CAPI2 诊断跟踪来标识验证失败的原因。 |
Trust validation of the client certificate for %1 failed: %2 on KDC. Use the CAPI2 diagnostic traces to identify the reason for the validation failure. |
| 0xB0000068 | 域 %1 的 Kerberos 密钥发行中心(KDC)未安装证书或不支持使用以下证书登录: %2 |
The Kerberos Key Distribution Center (KDC) for the domain %1 does not have a certificate installed or does not support logon using certificates: %2 |
| 0xB0000069 | Kerberos 客户端无法检索组托管服务帐户的密码。%n%nLogonId: %1:%2%nDomainName: %3%nUserName: %4%n刷新: %5%n当前文件时间: %6%n错误代码: %7%n |
The Kerberos client could not retrieve passwords for the group managed service account.%n%nLogonId: %1:%2%nDomainName: %3%nUserName: %4%nRefresh: %5%nCurrent File Time: %6%nError Code: %7%n |
| 0xB000006A | Kerberos 客户端收到不具有 KDC EKU 的 KDC 证书(不基于 Kerberos 身份验证模板)。%n%n错误代码: %1%n |
The Kerberos client received a KDC certificate that does not have KDC EKU (not based on Kerberos Authentication Template).%n%nError Code: %1%n |
| 0xB000006B | Kerberos 客户端收到不具有匹配的域名的 KDC 证书。%n%n期望的域名: %1%n错误代码: %2%n |
The Kerberos client received a KDC certificate that does not have a matched domain name.%n%nExpected Domain Name: %1%nError Code: %2%n |
| 0xB000006C | Kerberos 客户端无法发送 Kerberos 代理请求。%n%nProxyServer:%n ServerName: %1%n ServerPort: %2%n ServerVdir: %3%n错误代码: %4%n状态代码: %5%n |
The Kerberos client could not send a Kerberos proxy request.%n%nProxyServer:%n ServerName: %1%n ServerPort: %2%n ServerVdir: %3%nError Code: %4%nStatus Code: %5%n |
| 0xB000006D | Kerberos 客户端找不到适合的凭据以使用身份验证代理:%n%nAuthProxy:%n 代理: %1%n ProxyBypass: %2%n Epoch: %3%n 支持的架构: %4%n 第一个架构: %5%n摘要式凭据:%n 已初始化: %6%n DomainAndUserName: %7%n Epoch: %8%n基本凭据:%n 已初始化: %9%n DomainAndUserName: %10%n Epoch: %11%n |
The Kerberos client could not find a suitable credential to use with the authentication proxy:%n%nAuthProxy:%n Proxy: %1%n ProxyBypass: %2%n Epoch: %3%n Supported Schemes: %4%n First Scheme: %5%nDigest Credential:%n Initialized: %6%n DomainAndUserName: %7%n Epoch: %8%nBasic Credential:%n Initialized: %9%n DomainAndUserName: %10%n Epoch: %11%n |
| 0xB00000C8 | Kerberos 客户端找不到域 %1 的域控制器: %2。Kerberos 身份验证需要与域控制器通信。 |
The Kerberos client could not locate a domain controller for domain %1: %2. Kerberos authentication requires communicating with a domain controller. |
| 0xB000012C | Kerberos 客户端已发现域 %2 的域控制器 %1。 |
The Kerberos client discovered domain controller %1 for the domain %2. |
| 0xB000012D | Kerberos 客户端将凭据管理器中的凭据用于目标:“%1”。 |
The Kerberos client used credentials from the Credential Manager for the target: '%1'. |
| 0xB000012E | Kerberos 客户端已绑定到域 %2 的域控制器 %1,但是目前无法访问此域控制器。%n%n DesiredFlags: %3%n CacheFlags: %4%n ErrorCode: %5 |
The Kerberos client was bound to domain controller %1 for the domain %2 but could not access this domain controller at the time.%n%n DesiredFlags: %3%n CacheFlags: %4%n ErrorCode: %5 |
| 0xB000012F | Kerberos 客户端更新组托管服务帐户的密码。%n%nLogonId: %1:%2%nDomainName: %3%nUserName: %4%n更新当前密码: %5%n更新旧密码: %6%n刷新: %7%n前一个文件时间: %8%n当前文件时间: %9%n |
The Kerberos client updated passwords for the group managed service account.%n%nLogonId: %1:%2%nDomainName: %3%nUserName: %4%nUpdate Current Passwords: %5%nUpdate Old Passwords: %6%nRefresh: %7%nPrevious File Time: %8%nCurrent File Time: %9%n |
| 0xC0000007 | 无法验证带数字签名的特权属性证书(PAC),此证书包含来自领域 %2 的客户端 %1 的授权信息。%n%n此错误通常是由域信任失败引起;请与系统管理员联系。 |
The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client %1 in realm %2 could not be validated.%n %n This error is usually caused by domain trust failures; Contact your system administrator. |
| 0xC0000008 | 域控制器拒绝了用于智能卡登录的用户 %2 的客户端证书。从证书验证过程中返回了下列错误: %1。 |
The domain controller rejected the client certificate of user %2, used for smart card logon. The following error was returned from the certificate validation process: %1. |
| 0xC0000009 | 客户端无法验证 %2 的域控制器证书。从证书验证过程中返回了下列错误: %1。 |
The client has failed to validate the domain controller certificate for %2. The following error was returned from the certificate validation process: %1. |
| 0xC000000B | 你的智能卡登录证书的“使用者”字段中的“可分辨名称”没有包含足够信息来识别加入非域的计算机上的适当域。请与系统管理员联系。 |
The Distinguished Name in the subject field of your smart card logon certificate does not contain enough information to identify the appropriate domain on an non-domain joined computer. Contact your system administrator. |
| 0xC0000010 | Kerberos SSPI 包在证书存储中找不到智能卡证书。若要解决此问题,请以用户 %1 身份登录,并将智能卡插入智能卡读卡器,然后使用证书管理单元检查智能卡证书是否位于用户的个人证书存储中。 |
The Kerberos SSPI package failed to find the smart card certificate in the certificate store. To remedy this failure, logon as user %1 and insert the smart card into the smart card reader, then use the Certificates snap-in to verify that the smart card certificate is in the user's personal certificate store. |
| 0xC0000011 | Kerberos SSPI 包无法找到要搜索的林或域 %1。请确保已正确配置使用林搜索顺序组策略,且此林或域可用。 |
The Kerberos SSPI package failed to locate the forest or domain %1 to search. Ensure that the Use forest search order Group Policy is correctly configured, and that this forest or domain is available. |