General discussion

  • Creator
    Topic
  • #2188961

    Storage error AD Win2K

    Locked

    by jinxxproof ·

    Thank you in advance. I am trying to add a user to the administrators group of a computer and I am receiving the error ” not enough storage is available to complete this operation”. I am also receiving the same storage error if i try to switch to another domain controller. Any suggestions would be appreciated

All Comments

  • Author
    Replies
    • #3060883

      Reply To: Storage error AD Win2K

      by sgt_shultz ·

      In reply to Storage error AD Win2K

      guess: increase registry size?
      anything in the event log?

      • #3060882

        Reply To: Storage error AD Win2K

        by sgt_shultz ·

        In reply to Reply To: Storage error AD Win2K

        i also found this:
        Kerberos authentication may not work if user is a member of many groups
        Article ID : 280830
        Last Review : October 7, 2005
        Revision : 5.3
        SYMPTOMS
        If a user is a member of many groups either directly or because of group nesting, Kerberos authentication may not work. The Group Policy object (GPO) may not be applied to the user and the user may not be validated to use network resources.

        If the Administrator is a member of more than 70 to 80 groups there may be 2 additional symptoms: ? When logging into a DC, an event id 1000 will be generated in the system log.
        ? Running DC promo to bring up a new DC will result in “Access Denied” when entering the domain admin credentials.
        If the user has an associated logon script, the script may fail with one of the following error messages:
        Not enough storage is available to complete this operation.
        Hexadecimal values: 800a0007, 8007000e
        Decimal values: -2146828281, -2147024882
        CAUSE
        The Kerberos token has a fixed size. If a user is a member of a group either directly or by membership in another group, the security ID (SID) for that group is added to the user’s token. For a SID to be added to the user’s token, it must be communicated by using the Kerberos token. If the required SID information exceeds the size of the token, authentication does not succeed. The number of groups varies, but the limit is approximately 70 to 80 groups.

        For many operations, Windows NTLM authentication succeeds; the Kerberos authentication problem may not be evident without analysis. However, operations that include GPO application do not work at all.
        RESOLUTION
        A supported hotfix is now available…

        • #2833942

          SID

          by kathath ·

          In reply to Reply To: Storage error AD Win2K

          I was getting the same error and it had to do with the SID being too long. Security had to remove me from groups I no longer should have been in. I have not had problems since then.

      • #3115348

        Reply To: Storage error AD Win2K

        by jinxxproof ·

        In reply to Reply To: Storage error AD Win2K

        Poster rated this answer.

    • #3060827

      Reply To: Storage error AD Win2K

      by jinxxproof ·

      In reply to Storage error AD Win2K

      I have increased the reg size to no avail.Nothing in event log either. There are other users in the same group as me who receive the same error. This is the case for adding a user to administartors group on any machine in the domain.

Viewing 1 reply thread