Microsoft KB Archive/244671

From BetaArchive Wiki

Article ID: 244671

Article Last Modified on 3/1/2007


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server


This article was previously published under Q244671

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

When you attempt to log on to a computer, you may receive the following error message immediately after you type your user name and password

System cannot log you on now because domain Computername is not available.

where Computername is the name of the local computer you are trying to log on to.

NOTE: This behavior can occur after you install software and restart the computer for the first time after the installation is finished, or after you start into Safe mode and attempt to log on locally.

CAUSE

This behavior can occur if the required cryptography files are missing, corrupted, or do not match the cryptography information stored in the registry (for example, if the registry is configured to use 128-bit encryption, but the 128-bit encryption files are not on the computer).

When you install certain programs and they detect that the high-encryption pack (128-bit) is installed, the version that is included with the specific program is installed. When this occurs, some files that are replaced are older versions than what are included in Windows 2000.

RESOLUTION

To resolve this issue, use one of the following methods.

Method 1: 128-Bit Encryption Pack Is Installed (High Encryption Pack)

NOTE: This is the preferred method.

Replacing the 128-Bit Files

If you are using the default Windows 2000 security provider, use the standard Windows 2000 repair options or Recovery Console to verify the required cryptography .dll files are intact. Refer to the "More Information" section of this article for file details.

To check if the Rsaenh.dll file has been replaced by an earlier version of the file:

  1. Start Recovery Console.
  2. Type cd system32, and then press ENTER.
  3. Type dir rsaenh.dll, and then press ENTER.
  4. Type ren rsaenh.dll rsaenh.old, and then press ENTER.
  5. Insert the floppy disk that contains the high encryption pack files into the floppy drive.
  6. Type copy a:\rsaenhs.dll rsaenh.dll, and then press ENTER.


NOTE: This action copies the Rsaenhs.dll file from the floppy disk to the hard disk and renames it to Rsaenh.dll. In most cases, this file is replaced with an older version.

  1. Type exit, and then press ENTER to restart the computer normally. Remove the floppy disk from the floppy disk drive.

Method 2:Restoring the Computer from 128-Bit to 56-Bit Encryption (Standard Encryption)

Use this method only if the high-encryption (128-bit) floppy disks are not available. Using this method puts the computer back to 56-bit (standard) encryption for logging on to the computer. You still need to obtain the 128-bit (high encryption) files to fully resolve the issue.

You should be able to start into Recovery Console to replace your registry to the original registry file, and then restart the computer to edit the replaced file to allow you to use the computer again.

  1. Start into Recovery Console.
  2. Use the cd (change directory) command and go to the %SystemRoot%\System32\Config folder.
  3. Rename the Software file to Software.old.
  4. Use the cd (change directory) command and go to the %SystemRoot%\Repair folder.
  5. Copy the Software hive to the Config folder (for example, copy software c:\winnt\system32\config\software).
  6. Quit Recovery Console.
  7. Restart the computer and log on normally.


NOTE: This Software hive does not contain all the changes that you have made to the computer since its initial installation. If you keep this Software file in place, you may have to reinstall all your software unless you make changes to the original file (Software.old), as outlined in the "Resolution" section of this article (Method 2).

  1. Modify the Software.old file using the steps in the "Workaround" section of this article.
  2. After you modify and save the file, restart into Recovery Console.
  3. Locate the %SystemRoot%\System32\Config\ folder.
  4. Rename the existing Software hive (for example, rename Software to Software.repair).
  5. Rename the original file that you fixed to its previous name (for example, rename Software.old to Software).


NOTE: This action puts the original Software hive with the one modification back into place so all your program settings are now back in the registry.

  1. Quit Recovery Console and restart the computer.

If these steps do not work or if this was an upgrade where the 128-bit encryption pack was installed before the upgrade, you may need to perform a parallel installation to edit the registry (steps provided in the following "Workaround" section).

WORKAROUND

To modify the registry, you must perform a parallel installation of Windows 2000 or use Recovery Console to copy the Software registry file onto removable media so you can edit the file on another computer (the Software registry file is located in the %SystemRoot%\System32\Config folder and is named Software with no extension).

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. From a computer running Windows 2000, start Registry Editor (Regedt32).
  2. From the HKEY_Local_Machine window, click the HKEY_LOCAL_MACHINE key.
  3. On the Registry menu, click Load Hive.
  4. Locate the Software file, and then double-click it.
  5. In the Key Name box, type test, and then press ENTER.
  6. Double-click the Test key, and then locate the following entry:

    Microsoft\Cryptography\Defaults\Provider Types\Type 001

  7. Double-click the Name value and change its name to Microsoft Base Cryptographic Provider v1.0.

    NOTE: This action sets the base encryption back to its default, but should allow you to log on to the system.
  8. Click the Test key.
  9. On the Registry menu, click Unload Hive.
  10. Ensure the modified Software file is placed back into the Winnt\System32\Config folder on the computer that is not working.

This change allows you to log on to the computer, but sets the encryption level back to base encryption. You may need to reinstall any encryption packs or encryption software after you make these changes to regain the encryption level you want.

MORE INFORMATION

The following list shows Microsoft encryption providers and their associated .dll file names:

  • Microsoft Base Cryptographic Provider 1.0 uses the Rsabase.dll file.
  • Microsoft Base DSS Cryptographic Provider uses the Dssbase.dll file.
  • Microsoft Enhanced Cryptographic Provider uses the Rsaenh.dll file (installed with High Encryption Pack). This file is named Rsaenhs.dll in the encryption pack, and is renamed Rsaenh.dll when installed.

NOTE: Because the Rsaenh.dll file is not included in Windows 2000 and is installed during the installation of High Encryption Pack, this file is not checked or replaced when you repair system files. You must check and replace this file using Recovery Console if the file is missing, corrupted, or an incorrect version.

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

229716 Description of the Windows 2000 Recovery Console


235364 Description of the SET Command in Recovery Console


255669 Internet Explorer Administration Kit Builds Replace 128-Bit Encryption in Windows 2000



Additional query words: 128bit system cannot log you on now because domain win2000hotds

Keywords: kbenv kbprb KB244671



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/244671&oldid=375473
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki