设置时钟向前后C#的UnauthorizedAccessException访问注册表
[英]UnauthorizedAccessException accessing registry after setting clocks forward c#
问题描述
I'm trying to test how our software works when faced with different clock situations (ie machines are out of sync, daylight savings time, etc). 
我正在尝试测试我们的软件在遇到不同的时钟情况(例如,机器不同步,夏令时等)时如何工作。 The test driver tries to disable the Windows Time service and modify the clocks on a remote machines using WMI. 测试驱动程序尝试禁用Windows时间服务,并使用WMI修改远程计算机上的时钟。
A strange problem I'm running into is that if I set the computer clocks ahead or behind by a large amount (say several months) I start getting UnauthorizedAccessExceptions when trying to work with the remote registry. 我遇到的一个奇怪的问题是,如果我将计算机的时钟频率提前或滞后很多(例如几个月),则在尝试使用远程注册表时会开始收到UnauthorizedAccessExceptions。
Anyone seen this behaviour before? 有人见过这种行为吗?
Update: The accounts are service accounts that will not expire. 更新:这些帐户是不会过期的服务帐户。
1 个解决方案
解决方案1
0 2014-01-09 15:14:03
Found out the problem is that Kerberos security will think that you are trying to do a reply attack since any authorization request coming in to a domain controller will look like it's coming from too far in the future (same for a request too far in the past). 发现问题在于Kerberos安全性会认为您正在尝试进行回复攻击,因为任何传入到域控制器的授权请求都看起来像是来自将来的请求(与过去请求的请求相同) )。 From what I can gather 5 minutes is the default allowable windows for clocks to be out of synch. 从我可以收集到的5分钟来看,时钟的默认允许窗口不同步。
Kerberos has strict time requirements, which means the clocks of the involved hosts must be synchronized within configured limits.
http://en.wikipedia.org/wiki/Kerberos_(protocol) http://en.wikipedia.org/wiki/Kerberos_(协议)
So I had to come up with a way to get around this to cover the unlikely scenario that time service wasn't functioning. 因此,我不得不想出一种解决此问题的方法,以解决时间服务无法正常运行的不太可能的情况。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.