Специальные инструменты возвращают ошибку «Реферал был возвращен сервером»

4443
Synetech

Всякий раз, когда я пытаюсь запустить экранную клавиатуру (или любую другую утилиту Windows для упрощения доступа), я получаю сообщение об ошибке A referral was returned by the server, а затем Windows спрашивает меня, хочу ли я удалить (предположительно) сломанный ярлык.

Раньше они работали, и даже сейчас они иногда работают, но обычно нет. Я не заметил каких-либо очевидных закономерностей того, когда они работают или что могло бы измениться между тем временем, когда они работают и не работают.

Исследование проблемы было бесплодным, потому что (относительно) несколько страниц, на которых упоминается ошибка, обычно заканчиваются лишь дикими догадками, некоторым несвязанным обсуждением другого стороннего программного обеспечения и всегда заканчиваются без решения.

В чем может быть проблема, и как это можно исправить?

0

1 ответ на вопрос

2
Synetech

Solution

I had this problem for a few months and eventually figured it out with a bit of testing. It turns out the problem occurs if the Cryptographic service is not running. Simply run the Cryptographic service, and the ease-of-access tools will run just fine.

Technical Explanation

Security

So why do the accessibility tools require the Cryptographic service? It’s because the accessibility tools are required to be accessible at any point in the system since they provide functionality to allow people to, well, access the system. Therefore, they would not be of much use if they were unavailable in restricted, elevated-privilege areas such as the login screen or UAC dialog.

Because they need to be available everywhere, including restricted areas, they must also be secure to prevent opening an attack vector which can be exploited to take advantage of the restricted areas. To do that, Windows must validate the program by checking its digital signature. To do this, it requires the Cryptographic service.

One might think that it should not need to do this when running in the regular, user-mode areas on the desktop and such, but trying to run it unconditionally in user-mode and trying to validate only in elevated areas would unnecessarily complicate it, which in turn creates more possibility of vulnerabilities. As such, Windows always validates the accessibility tools when run, and therefore always needs the Cryptographic service.

Programming Defect

(Of course it could be argued that it should run the service if it’s not already running. Good design practice would dictate that programs always check for dependencies, install or run them if not available, and return an appropriate message if they cannot. If they had done that, then this problem wouldn’t have occurred because it would automatically run the Cryptographic service and/or give an error that makes it clear exactly what the problem is as opposed to such a cryptic message.)

Other Symptoms

Also, note that if the Cryptographic service is not running, you may experience other security-related issues such as running things elevated not displaying the UAC dialog. For example, clicking the System protection link in My Computer may show the wait-cursor for a moment, then nothing happens and now clicking anywhere in the My Computer window causes Windows to ding (i.e., it is disabled). This is because consent.exe tries to run in order to show the UAC prompt, but without the Cryptographic service running, it cannot perform its task and just hangs. To fix it, you need to open the Task Manager and kill consent.exe. You will get an Incorrect function error message, and My Computer once again becomes enabled. (You still need to run the Cryptographic service to get it to actually work.)

Связанная статья: [Вопросы безопасности для вспомогательных технологий] (http://msdn.microsoft.com/en-us/library/windows/desktop/ee671610%28v=vs.85%29.aspx) and31415 10 лет назад 0