Kerberos Ticket Size RRS feed

  • Frage

  • Hello Community!

    i noticed we have those events in eventlog on our w2k16 domain controller.

    after reading about this topic now i´m confused why this w2k16 server is using a 12k limit and not the 48k default value for w2k16.

    the value 'MaxTokenSize' under HKLM\SYSTEM\CurrentControlSet\Control\LSA\Kerberos\Parameters does not exist and therefore it should default to 48k right? why is server not doing this in my case?

    default values:

    Windows 2000 8,000 bytes
    Windows 2000 SP2 12,000 bytes
    Windows 2003 12,000 bytes
    Windows XP 12,000 bytes
    Windows Vista 12,000 bytes
    Windows 7 12,000 bytes
    Windows 2008 12,000 bytes
    Windows 2008 R2 12,000 bytes
    Windows 8 48,000 bytes
    Windows 2012 48,000 bytes
    Windows 8.1 48,000 bytes
    Windows 2012 R2 48,000 bytes
    Windows 2016 48,000 bytes

    Furthermore we do not have a gpo for setting kerberos token size. we do not have a gpo for warning about those events too. thats the second thing i´m wondering. why do we get those event 31 events if we do not have this set via gpo?

    Donnerstag, 7. Januar 2021 09:10


Alle Antworten