Problem:

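When the secure channel between a domain client and the domain controller is broken, user passwords fail to synchronize and the domain trust relationship stops working (the client is prompted for a user name and password when it accesses shared files or printers in the domain). Typical log entries look like this: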

Event Type:   Warning
Event Source:          LSASRV
Event Category:       SPNEGO (Negotiator)
Event ID:       40961
Date:            2009-9-8
Time:            15:25:14
User:            N/A
Computer:     XP-Desktop
Description:
The Security System could not establish a secured connection with the server cifs/DC01.TEST.COM.  No authentication protocol was available.

Event Type:   Warning
Event Source:          Kerberos
Event Category:       None
Event ID:       14
Date:            2009-9-8
Time:            15:25:12
User:            N/A
Computer:     XP-Desktop
Description:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential TEST\jackie.chen.
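
To spot this pattern across exported logs, the two records above can be correlated per computer. The following Python is an added example, not part of the original post: it parses the text layout shown above and pairs LSASRV 40961 with Kerberos 14. The function names and the 5-minute window are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two records shown on the page, in the same text layout.
SAMPLE = r"""Event Type:   Warning
Event Source:          LSASRV
Event Category:       SPNEGO (Negotiator)
Event ID:       40961
Date:            2009-9-8
Time:            15:25:14
User:            N/A
Computer:     XP-Desktop
Description:
The Security System could not establish a secured connection with the server cifs/DC01.TEST.COM.  No authentication protocol was available.
Event Type:   Warning
Event Source:          Kerberos
Event Category:       None
Event ID:       14
Date:            2009-9-8
Time:            15:25:12
User:            N/A
Computer:     XP-Desktop
Description:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential TEST\jackie.chen."""
FIELD = re.compile(r"(?m)^([A-Za-z ]+):[ \t]*(.*?)[ \t]*$")
REQUIRED = {"Event Source", "Event ID", "Date", "Time", "Computer"}

def parse_events(text):
    """One dict per record (records start at 'Event Type:'); 2009-9-8 style dates are split by hand."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        head, sep, desc = chunk.partition("Description:")
        e = dict(FIELD.findall(head))
        if sep and REQUIRED <= e.keys():  # skip truncated records
            e["Description"] = " ".join(desc.split())
            e["when"] = datetime(*map(int, re.split(r"[-: ]", e["Date"] + " " + e["Time"])))
            events.append(e)
    return events

def find_broken_channel(events, window=timedelta(minutes=5)):
    """Pair LSASRV 40961 with Kerberos 14 on the same computer within `window` (assumed value)."""
    hits = []
    for a in (e for e in events if (e["Event Source"], e["Event ID"]) == ("LSASRV", "40961")):
        for k in (e for e in events if (e["Event Source"], e["Event ID"]) == ("Kerberos", "14")):
            if a["Computer"] == k["Computer"] and abs(a["when"] - k["when"]) <= window:
                spn = re.search(r"with the server (\S+)\.\s", a["Description"])
                cred = re.search(r"for the credential (\S+?)\.?$", k["Description"])
                hits.append((a["Computer"], spn and spn.group(1), cred and cred.group(1)))
    return hits
```

Each hit is a tuple of computer name, the server the client could not reach, and the stored credential named in the Kerberos warning.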

Solution:

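1) Reset the secure channel between the client and the domain controller. This requires the Support Tools to be installed and is run on the XP computer. The command is:
netdom reset XP-Desktop /server:DC01.TEST.COM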

2) Disable storing of passwords. This requires a registry change:
Path: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
Name: DisableDomainCreds
Value: 1