General discussion

Locked

Storage error AD Win2K

By Jinxxproof ·
Thank you in advance. I am trying to add a user to the administrators group of a computer and I am receiving the error " not enough storage is available to complete this operation". I am also receiving the same storage error if i try to switch to another domain controller. Any suggestions would be appreciated

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to Storage error AD Win2K

guess: increase registry size?
anything in the event log?

Collapse -

by sgt_shultz In reply to

i also found this:
Kerberos authentication may not work if user is a member of many groups
Article ID : 280830
Last Review : October 7, 2005
Revision : 5.3
SYMPTOMS
If a user is a member of many groups either directly or because of group nesting, Kerberos authentication may not work. The Group Policy object (GPO) may not be applied to the user and the user may not be validated to use network resources.

If the Administrator is a member of more than 70 to 80 groups there may be 2 additional symptoms: ? When logging into a DC, an event id 1000 will be generated in the system log.
? Running DC promo to bring up a new DC will result in "Access Denied" when entering the domain admin credentials.
If the user has an associated logon script, the script may fail with one of the following error messages:
Not enough storage is available to complete this operation.
Hexadecimal values: 800a0007, 8007000e
Decimal values: -2146828281, -2147024882
CAUSE
The Kerberos token has a fixed size. If a user is a member of a group either directly or by membership in another group, the security ID (SID) for that group is added to the user's token. For a SID to be added to the user's token, it must be communicated by using the Kerberos token. If the required SID information exceeds the size of the token, authentication does not succeed. The number of groups varies, but the limit is approximately 70 to 80 groups.

For many operations, Windows NTLM authentication succeeds; the Kerberos authentication problem may not be evident without analysis. However, operations that include GPO application do not work at all.
RESOLUTION
A supported hotfix is now available...

Collapse -

SID

by Kathath In reply to

I was getting the same error and it had to do with the SID being too long. Security had to remove me from groups I no longer should have been in. I have not had problems since then.

Collapse -

by Jinxxproof In reply to

Poster rated this answer.

Collapse -

by Jinxxproof In reply to Storage error AD Win2K

I have increased the reg size to no avail.Nothing in event log either. There are other users in the same group as me who receive the same error. This is the case for adding a user to administartors group on any machine in the domain.

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums