• Failure to log on to Windows XP using a smart card in a Windows 2003 domain; Kerberos event 8 or 9 logged on clients and KDC event 21 on DCs

    Problem scenario:
    In Windows XP, large numbers of users are sometimes unable to log on with a smart card, while logging on with a user name and password appears to work normally.

    The following events may be seen on the client (System log):

    • Kerberos event 8:
      Event Type: Error
      Event Source: Kerberos
      Event Category: None
      Event ID: 8
      Date: 08/19/2010
      Time: 2:28:29 PM
      User: N/A
      Computer: <MachineName>
      Description:
      The Domain Controller rejected the client certificate used for smartcard logon.
      The error data contains the information returned from the certificate validation
      process. Contact your system administrator to determine why your smartcard logon
      certificate is invalid.
      For more information, see Help and Support Center at
      <http://go.microsoft.com/fwlink/events.asp>.
      Data:
      0000: 13 20 09 80 . .?
      This event means that the user certificate was rejected by the Domain controller.
    • Kerberos event 9:
      Event Type: Error
      Event Source: Kerberos
      Event Category: None
      Event ID: 9
      Date: 08/18/2010
      Time: 8:45:49 AM
      User: N/A
      Computer: <MachineName>
      Description:
      The client has failed to validate the Domain Controller certificate for
      <DC_Name>.domain.com. The following error was returned from the certificate
      validation process: The revocation function was unable to check revocation because
      the revocation server was offline.
      . Contact your system administrator to determine why the Domain Controller
      certificate is invalid.
      For more information, see Help and Support Center at
      <http://go.microsoft.com/fwlink/events.asp>.
      Data:
      0000: 13 20 09 80 . .?

    The following event may be seen on the DCs (System log):

    • KDC event 21:
      Event Type: Warning
      Event Source: KDC
      Event Category: None
      Event ID: 21
      Date: 8/18/2010
      Time: 2:30:19 PM
      User: N/A
      Computer: <MachineName>
      Description:
      The client certificate for the user <DomainName>\<UserName> is not valid, and
      resulted in a
      failed smartcard logon. Please contact the user for more information about the
      certificate they're attempting to use for smartcard logon. The chain status was :
      The revocation function was unable to check revocation because the revocation server
      was offline.


    Troubleshooting approach:

    1. From the event log, the real error reported in the event's Data field (the bytes 13 20 09 80, read as a little-endian DWORD) is 0x80092013, which is defined as follows:
        CRYPT_E_REVOCATION_OFFLINE                                     winerror.h
      # The revocation function was unable to check revocation
      # because the revocation server was offline.
      # as an HRESULT: Severity: FAILURE (1), FACILITY_SSPI (0x9), Code 0x2013
      So we can tell directly that this problem is related to the client checking the certificate revocation list (CRL) of the server's certificate.
    2. Next, the following commands can be used on the client to check manually whether CRL checking works:
      1. Obtain the certificate the DC uses for Server Authentication (1.3.6.1.5.5.7.3.1), confirm that the certificate is valid and that the CRL distribution point URL can be opened with IE; then copy the certificate to the client computer.
      2. Download and install the Windows 2003 Administration Tools Pack on the client.
      3. Insert the smart card and run the following to confirm first that the smart card works on the client:
        certutil.exe -scinfo
      4. Run the following to confirm that the user account can check the server's revocation list:
        certutil.exe /verify /urlfetch <server certificate file>.cer
      5. Run the following to confirm that the computer account can check the server's revocation list (the at.exe job runs as LocalSystem, so the CRL fetch is attempted in the computer account's context):
        at.exe <next minute from now> /interactive c:\windows\system32\cmd.exe  (e.g. at.exe 09:35 /interactive c:\windows\system32\cmd.exe)

        Once cmd.exe starts, run the following command:
        certutil.exe /verify /urlfetch <server certificate file>.cer
    3. Given the events above, one of the commands above should reveal the point of failure. Common causes of this problem are:
      1. The CRL server cannot be reached.
      2. The CRL server requires specific authentication before it serves the list.
      3. A proxy is configured but not configured correctly.
      4. The certificate on the DC is expired or otherwise faulty.
      5. Network problems.
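Added example, not part of the original note: a PowerShell function that decodes the Data bytes of Kerberos event 8/9 entries into an HRESULT the way step 1 does by hand, first on the constructed bytes quoted above and then on the newest entries in the client's System log. It uses Get-EventLog so it also runs under PowerShell 2.0 on XP/2003; the error-code table is a small subset of winerror.h chosen here.

```powershell
# Added example (not from the original note): decode the Data bytes of Kerberos
# event 8/9 entries into an HRESULT and read recent entries from the System log.

# Error codes from winerror.h that commonly appear in smart card logon failures.
# String keys avoid PowerShell's signed-Int32 handling of hex literals above 0x7FFFFFFF.
$KnownHResults = @{
    '0x80092013' = 'CRYPT_E_REVOCATION_OFFLINE - revocation server was offline'
    '0x80092012' = 'CRYPT_E_NO_REVOCATION_CHECK - unable to check revocation'
    '0x80092010' = 'CRYPT_E_REVOKED - certificate has been revoked'
    '0x800B0101' = 'CERT_E_EXPIRED - certificate is expired or not yet valid'
    '0x800B0109' = 'CERT_E_UNTRUSTEDROOT - chain ends in an untrusted root'
}

function ConvertFrom-KerberosEventData {
    param([byte[]]$Data)
    if ($null -eq $Data -or $Data.Length -lt 4) { return $null }
    # The event stores the HRESULT as a little-endian DWORD: 13 20 09 80 -> 0x80092013
    $hex = '0x{0:X8}' -f [BitConverter]::ToUInt32($Data, 0)
    # HRESULT layout: bit 31 = severity, bits 16-26 = facility, bits 0-15 = code
    $severity = 'SUCCESS'
    if (($Data[3] -band 0x80) -ne 0) { $severity = 'FAILURE' }
    $facility = '0x{0:X}'  -f ($Data[2] + 256 * ($Data[3] -band 0x07))
    $code     = '0x{0:X4}' -f ($Data[0] + 256 * $Data[1])
    $meaning  = 'not in the local table; look the value up in winerror.h'
    if ($KnownHResults.ContainsKey($hex)) { $meaning = $KnownHResults[$hex] }
    New-Object PSObject -Property @{
        HResult = $hex; Severity = $severity; Facility = $facility; Code = $code; Meaning = $meaning
    }
}

# Constructed input: the Data bytes shown in the Kerberos 8 event above.
ConvertFrom-KerberosEventData -Data ([byte[]](0x13, 0x20, 0x09, 0x80)) | Format-List

# Live check on a client: decode the newest Kerberos 8/9 entries in the System log.
Get-EventLog -LogName System -Source Kerberos -Newest 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 8 -or $_.EventID -eq 9 } |
    ForEach-Object {
        $decoded = ConvertFrom-KerberosEventData -Data $_.Data
        if ($decoded) {
            $decoded |
                Add-Member -MemberType NoteProperty -Name Time -Value $_.TimeGenerated -PassThru |
                Add-Member -MemberType NoteProperty -Name EventID -Value $_.EventID -PassThru
        }
    } | Format-Table Time, EventID, HResult, Facility, Code, Meaning -AutoSize
```

For the quoted bytes the function reports Severity FAILURE, Facility 0x9 and Code 0x2013, the same decomposition the winerror.h excerpt gives.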
  • How to install Windows Media Player without any interactive screens?

    If you want to deploy Windows Media Player 11 in bulk and skip the user interaction screens (including the genuine Windows validation and the first-run setup screen of Media Player 11 after installation), how do you do it?

    1. Copy the following text into Notepad, save it as a .reg file, and import this registry key beforehand.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer]
    "GroupPrivacyAcceptance"=dword:00000001


    2. When installing Media Player 11, use the /q switch (so the installer has to be run from cmd.exe); no interactive screens will appear.

    3. After installation, open the Media Player shortcut directly: installation is already complete, with no genuine-software validation screen (it ran automatically in the background) and no first-run setup screen for Media Player 11.

  • IE reports an error on some web pages that need to run JavaScript

    Suppose that when your computer opens certain web pages a ! warning appears at the bottom left: the page needs to run JavaScript but your computer cannot run it. Try the following to see whether it solves the problem.

    1. Paste the following text into Notepad and save it as a .bat file.

    @echo off
    ECHO IE REPAIR

    regsvr32 /s /i browseui.dll
    regsvr32 /s corpol.dll
    regsvr32 /s dxtmsft.dll
    regsvr32 /s dxtrans.dll
    regsvr32 /s "%ProgramFiles%\internet explorer\hmmapi.dll"
    regsvr32 /s ieaksie.dll
    regsvr32 /s ieapfltr.dll
    regsvr32 /s iedkcs32.dll
    regsvr32 /s "%ProgramFiles%\internet explorer\iedvtool.dll"
    regsvr32 /s iepeers.dll
    regsvr32 /s "%ProgramFiles%\internet explorer\ieproxy.dll"
    regsvr32 /s /i /n inetcpl.cpl
    regsvr32 /s jscript.dll
    regsvr32 /s licmgr10.dll
    regsvr32 /s msdbg2.dll
    regsvr32 /s mshtmled.dll
    regsvr32 /s msident.dll
    regsvr32 /s mstime.dll
    regsvr32 /s "%ProgramFiles%\internet explorer\pdm.dll"
    regsvr32 /s tdc.ocx
    regsvr32 /s /i urlmon.dll
    regsvr32 /s vbscript.dll
    regsvr32 /s "%CommonProgramFiles%\microsoft shared\vgx\vgx.dll"
    regsvr32 /s /i /n wininet.dll
    REM ******************************
    echo Check
    regsvr32 /s extmgr.dll
    regsvr32 /s mscoree.dll
    regsvr32 /s oleacc.dll
    regsvr32 /s ole32.dll
    regsvr32 /s actxprxy.dll
    regsvr32 /s asctrls.ocx
    regsvr32 /s cdfview.dll
    regsvr32 /s comcat.dll
    regsvr32 /s /i /n comctl32.dll
    regsvr32 /s cryptdlg.dll
    regsvr32 /s /i /n digest.dll
    regsvr32 /s dispex.dll
    regsvr32 /s hlink.dll
    regsvr32 /s mlang.dll
    regsvr32 /s mobsync.dll
    regsvr32 /s /i msieftp.dll
    regsvr32 /s msr2c.dll
    regsvr32 /s msxml.dll
    regsvr32 /s oleaut32.dll
    regsvr32 /s proctexe.ocx
    regsvr32 /s /i scrobj.dll
    regsvr32 /s /i shdocvw.dll
    regsvr32 /s sendmail.dll
    regsvr32 /s /i ieframe.dll
    echo IE8 REPAIRED
    echo.

    2. Run the .bat file above.

    3. If the problem persists, check whether the following registry keys differ from those on a working machine, and if so, correct them to match the working machine. (Some antivirus software modifies these keys.)

    HKEY_CLASSES_ROOT\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}
    HKEY_CLASSES_ROOT\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}

    4. If your OS is a 64-bit operating system, also check the following keys.

    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B54F3742-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B54F3743-5B07-11cf-A4B0-00AA004A55E8}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}


  • How to add a Standard TCP/IP port and a printer using scripts?

    Windows 2003/XP ship these as built-in scripts (prnport.vbs and prnmngr.vbs in %windir%\system32).

    Adding a Standard TCP/IP port from the command line:

    prnport -a -r IP_1.2.3.4 -h 1.2.3.4 -o raw -n 9100

    Installing a local printer from the command line (the -r port name must match the port created above):

    prnmngr -a -p "HP LaserJet 6P" -m "HP LaserJet 6p" -r "IP_1.2.3.4"

  • How to enable GPO logging on Windows 7 / 2008 R2?


    To enable logging in the Gpsvc.log file, follow these steps.

    1. Click Start, click Run, type regedit, and then click OK.

    2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion

    3. On the Edit menu, point to New, and then click Key.

    4. Type Diagnostics, and then press ENTER.

    5. Right-click the Diagnostics subkey, point to New, and then click DWORD Value.

    6. Type GPSvcDebugLevel, and then press ENTER.

    7. Right-click GPSvcDebugLevel, and then click Modify.

    8. In the Value data box, type 0x30002, and then click OK.

    9. Exit Registry Editor.

    10. At a command prompt, type the following command, and then press ENTER:

    gpupdate /force

    11. View the Gpsvc.log file in the following folder:

    %windir%\debug\usermode
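Added example, not from the original note: the same registry change made from an elevated PowerShell prompt, paired with a function that removes the value again once troubleshooting is finished. The key path, value name and 0x30002 come from the steps above; the function names are this example's own.

```powershell
# Added example (not from the original note): turn Group Policy service debug
# logging on and off without editing the registry by hand. Run elevated.
$DiagKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$LogFile = Join-Path $env:windir 'debug\usermode\gpsvc.log'

function Enable-GpsvcLogging {
    # Step 3-4: create the Diagnostics subkey if it is missing
    if (-not (Test-Path $DiagKey)) { New-Item -Path $DiagKey -Force | Out-Null }
    # Steps 5-8: GPSvcDebugLevel = 0x30002 (196610 decimal), the value the note uses
    New-ItemProperty -Path $DiagKey -Name GPSvcDebugLevel -PropertyType DWord `
                     -Value 0x30002 -Force | Out-Null
    # Step 10: force a policy refresh so the service starts writing the log
    gpupdate /force | Out-Null
    # Step 11: report the log file the note points at
    if (Test-Path $LogFile) {
        Get-Item $LogFile | Select-Object FullName, Length, LastWriteTime
    } else {
        Write-Warning "$LogFile was not created; verify the GPSvcDebugLevel value under $DiagKey"
    }
}

function Disable-GpsvcLogging {
    # Remove the value when done: the log keeps growing for as long as it is set
    $prop = Get-ItemProperty -Path $DiagKey -Name GPSvcDebugLevel -ErrorAction SilentlyContinue
    if ($prop) { Remove-ItemProperty -Path $DiagKey -Name GPSvcDebugLevel }
}

Enable-GpsvcLogging
# ... reproduce the policy problem, read gpsvc.log, then:
# Disable-GpsvcLogging
```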