How increase limit of kerberos ticket size

Source: Kerberos
Event ID: 6
Type: Warning
Description: The Kerberos SSPI package generated an output token of size 2F49 bytes, which was too large to fit in the 2F48 buffer buffer provided by process id 0.  If the condition persists, please contact your system administrator.

 

If you get message up, you perhaps need to increase limit of kerberos ticket size. In this case use GPO and ADM file below

 

ADM file:

CLASS MACHINE

CATEGORY !!KERB

KEYNAME „SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters“

POLICY !!MaxToken

VALUENAME „MaxTokenSize“

VALUEON NUMERIC 65535

VALUEOFF NUMERIC 0

END POLICY

 

END CATEGORY

[strings]

KERB=“Kerberos Maximum Token Size“

MaxToken=“Kerberos MaxTokenSize“

 

You have to create register key over GPO:

Open the Group Policy Management Console (Gpmc.msc).

To do this, click Start, click Run, type gpmsc.msc, and then click OK.
In the Group Policy Management Console, right-click a Group Policy object, and then click Edit to open the Group Policy Management Editor window.
Expand Computer Configuration, expand Preferences, and then expand Windows Settings.
Right-click Registry, point to New, and then click Registry Item. The New Registry Properties dialog box   appears.
In the Action list, click Create.
In the Hive list, click

HKEY_LOCAL_MACHINE.

In the Key path list, clisk SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters.

In the Value name box, type MaxTokenSize.
In the Value type box, click to select the REG_DWORD check box.
In the Value data box, type 65535
Next to Base, click to select the Decimal check box.
Click OK

marwin se představuje:

IT Engineer Design, Implementation and Administration of Microsoft products. Active Directory and MS Exchange systems, Hyper-V, SCOM
Příspěvek byl publikován v rubrice Active Directory. Můžete si uložit jeho odkaz mezi své oblíbené záložky.