Microsoft KB Archive/329642

From BetaArchive Wiki
Knowledge Base


Error messages when you open Active Directory snap-ins and Exchange System Manager

Article ID: 329642

Article Last Modified on 10/30/2006


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Small Business Server 2000 Standard Edition
  • Microsoft BackOffice Small Business Server 2000 Service Pack 1


This article was previously published under Q329642

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry


SYMPTOMS

If you open an Active Directory snap-in or the Exchange System Manager, you may receive one or more of the following error messages. However, e-mail, the domain controller, and domain function as expected.

Active Directory snap-in errors:

Error message 1

Naming Convention could not be located because:
No authority could be contacted for authentication.
Contact your system administrator to verify that your domain is properly configured and is currently online.

Error message 2

Naming information cannot be located because:
No authority could be contacted for authentication.
Contact your system administrator to verify that your domain is properly configured and is currently online.

Error message 3

The configuration information describing this enterprise is not available. No authority could be contacted for authentication.

Exchange System Manager error message:

A local error has occurred.
Facility: Win32
ID no: 8007203b
Exchange System Manager

This behavior may occur after either of the following actions occurs:

  • You apply a Small Business Server (SBS) 2000 Client Add Pack to a server before you install the SBS 2000 Components.
  • Lsass.exe prevents the server from starting correctly. Lsass.exe may prevent the server from starting correctly if any of the following conditions is true:
    • You change the drive letters.
    • You are missing an Ntds.dit file.
    • You have an inconsistent Active Directory database.


CAUSE

This behavior occurs because the Kerberos realm is defined incorrectly.

RESOLUTION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this behavior, make sure that the current Kerberos realm in the registry matches the NetBIOS domain name. To do so, follow these steps:

  1. Start Registry Editor, and then click the following subkey:

    HKEY_LOCAL_MACHINE\SECURITY

    Note: To start Registry Editor, do not use the regedit command. You must type regedt32 because regedit does not adjust permissions on registry keys.
  2. On the Security menu, click Permissions....
  3. In the Permissions dialog box, click Administrators, and then click to select the Full Control check box in the Allow column.
  4. Click OK.
  5. Locate, and then click the No Name value under the following key in the registry:

    HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAcDmN

  6. On the View menu, click Display Binary Data.
  7. In the Binary Data dialog box, click the Byte option.
  8. The Data section displays the data in hexadecimal and ASCII. Make a note of the text in the ASCII section. This is the Kerberos realm. This text should match the NetBIOS domain name of this server, which is defined in the following registry value.
  9. Locate, and then click the No Name value under the following key in the registry:

    HKEY_LOCAL_MACHINE\SECURITY\Policy\PolPrDmN

  10. On the View menu, click Display Binary Data.
  11. In the Binary Data dialog box, select the Byte option.
  12. The Data section displays the data in hexadecimal and ASCII. Make a note of the text in the ASCII section. This is the NetBIOS domain name. The Kerberos realm that you noted in Step 8 should match this text.

    If the text in Step 8 (Kerberos realm) does not match the text in Step 12, (NetBIOS domain name) continue to the next step.
  13. Click OK to close the Binary Data dialog box.
  14. Double-click the No Name value under the following key in the registry:

    HKEY_LOCAL_MACHINE\SECURITY\Policy\PolPrDmN

  15. In the Binary Editor dialog box, the data is highlighted and displayed in hexadecimal. Press CTRL+C to copy this data to the clipboard, and then click OK.
  16. Double-click the No Name value under the following key in the registry:

    HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAcDmN

  17. In the Binary Editor dialog box, the data is highlighted and displayed in hexadecimal. Press CTRL-V to paste the data from the clipboard that you copied in step 15 over the current data, and then click OK.
  18. Repeat steps 5 through 8 to verify that the Kerberos realm matches the NetBIOS domain name.
  19. Quit Registry Editor.
  20. Restart the server.


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Additional query words: smallbiz sbs 2000 sbs2k lsass bump pack

Keywords: kbprb KB329642



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/329642&oldid=182437
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki