none
關於Event ID 40960 及 ID 6的警告訊息 RRS feed

  • 問題

  • 大家好

    我在Exchange 2010上的CASHT這台的event log有看到兩個警告訊息一起伴隨出來

    event ID 6:

    The kerberos SSPI package generated an output token of size 12166 bytes, which was too large to fit in the token buffer of size 12000 bytes, provided by process id 576.
     
     The output SSPI token being too large is probably the result of the user JAU@xxx.com being a member of a large number of groups.
     
     It is recommended to minimize the number of groups a user belongs to. If the problem can not be corrected by reduction of the group memberships of this user, please contact your system administrator to increase the maximum token size, which in term is configured machine-wide via the following registry value: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize.

    event ID:40960

    The Security System detected an authentication error for the server LDAP/domain controller name. The failure code from authentication protocol Kerberos was "{Buffer Too Small}
    The buffer is too small to contain the entry. No information has been written to the buffer.
     (0xc0000023)".

    2014年8月28日 上午 05:54

解答

  • Hi edison_ting

    您所說的這個問題是因為Kerberos token太大造成登入上的問題,

    此問題通常發生的情境是在Domain User登入的時候,您可以觀察是否連Domain User登入都會發生無法登入的情況,

    另外 How to use Group Policy to add the MaxTokenSize registry entry to multiple computers

    文章中提到在2012上預設會將設定提高到48000 bytes ,或是透過GPO去做設定上的修改


    請記得將對您有幫助的回覆"標示為解答"以幫助其他尋找解答及參與社群討論的朋友們。

    Please remember to click Mark as Answer on the post that helps you. This can be beneficial to other community members reading the thread.

    • 已標示為解答 edison_ting 2014年8月29日 上午 04:00
    2014年8月29日 上午 02:48

所有回覆

  • 請選擇正確的產品討論版區。

    蘇老碎碎念
    資訊無涯,回頭已不見岸
    Facebook - 微軟台灣官方論壇愛好者俱樂部
    如何在論壇正確發問,請參考iThome的文章: 如何問到我要的答案

    2014年8月28日 上午 05:56
    版主
  • 大家好

    我在Exchange 2010上的CASHT這台的event log有看到兩個警告訊息一起伴隨出來

    event ID 6:

    The kerberos SSPI package generated an output token of size 12166 bytes, which was too large to fit in the token buffer of size 12000 bytes, provided by process id 576.

    The output SSPI token being too large is probably the result of the user JAU@xxx.com being a member of a large number of groups.

    It is recommended to minimize the number of groups a user belongs to. If the problem can not be corrected by reduction of the group memberships of this user, please contact your system administrator to increase the maximum token size, which in term is configured machine-wide via the following registry value: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize.

    event ID:40960

    The Security System detected an authentication error for the server LDAP/domain controller name. The failure code from authentication protocol Kerberos was "{Buffer Too Small}
    The buffer is too small to contain the entry. No information has been written to the buffer.
    (0xc0000023)".

    • 已合併 AskaSuModerator 2014年8月29日 上午 12:25 Cross/Duplicate Post
    2014年8月28日 上午 10:24
  • 看起來應該是這位user包的群組過多了,所以才會出現這問題,但是這位user是老闆,不能刪減他的群組。

    後來上網查了一下,有看到以下這篇文章:

    http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx

    似乎是可以在本機端修改registry,不過老闆的電腦常常換,這樣每換一次電腦,就要在幫他設定,也有點麻煩。

    現在我們的AD是server 2003,今年10月就全部升級到server 2012 R2,請問將來升到2012的話,user的OS用win8.1,這個問題還會存在嗎?


    2014年8月28日 上午 10:24
  • Hi edison_ting

    您所說的這個問題是因為Kerberos token太大造成登入上的問題,

    此問題通常發生的情境是在Domain User登入的時候,您可以觀察是否連Domain User登入都會發生無法登入的情況,

    另外 How to use Group Policy to add the MaxTokenSize registry entry to multiple computers

    文章中提到在2012上預設會將設定提高到48000 bytes ,或是透過GPO去做設定上的修改


    請記得將對您有幫助的回覆"標示為解答"以幫助其他尋找解答及參與社群討論的朋友們。

    Please remember to click Mark as Answer on the post that helps you. This can be beneficial to other community members reading the thread.

    • 已標示為解答 edison_ting 2014年8月29日 上午 04:00
    2014年8月29日 上午 02:48