⚑ Deus Ex Machina ➽ Eventlog Lookup

Deus Ex Machina » Eventlog » Event 6 - Kerberos

Kerberos - 6


Description »
The kerberos SSPI package generated an output token of size 311A bytes, which was too large to fit in the 2EE0 buffer provided by process id 0.  If the condition persists, please contact your system administrator.
Data formatted as » WORDS
0000: c0000023 

The user's kerberos token size is larger than the computer is able to accommodate.

Typically, this happens when the user is a member of a large number of security groups.

The Kerberos token size can be increased in order to work around token bloat. This is configured in the registry, at HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, in a DWORD value called MaxTokenSize. If this key does not exist, the default values are:

Windows 20008,000
Windows 2000 SP212,000
Windows 201248,000

Although this can be set to a value of up to 65,535 (as required by RFC 4121), setting it higher than 48,000 can cause issues with some HTTP applications (due to restrictions on header length).