Kerberos Token Size Issue

hello community,

we running windows 2008r2 domain on several dcs, setup follows:

datacenter 1: 2 dcs on win 2012, fsmo roles here

datacenter 2: 2 dcs on win2008r2

brach locations in total 7 rodcs on windows 2008r2

problem:problem:

we have users more 700 groupmemberships in domain (access denied during login). have read lot maxtokensize value, created gpo set appropriate value registry.

before appliying gpo, domain users "normal" amount of groupmemberships log machine - after applying gpo 1 dedicated test-client, local accounts machine can login - domain users no more able log in.

my question:

where have apply registry key ? windows systems in domain ? clients , dcs ? i'm confused...

best regards,

markus

hi markus,

checkout below thread on increasing kerberos token size in windows server 2008 r2,
http://social.technet.microsoft.com/forums/en-us/2e1e414a-240b-4812-8381-3d0e7532c423/kerberos-ticket-size-increase-from-12k-to-48k?forum=winservergen

checkout below link article on ad token bloat registry settings increasing maxtokensize in windows server 2012,
http://jijitechnologies.com/resources/articles/active-directory-token-bloat.aspx

regards,
gopi
jiji technologies

Windows Server  >  Directory Services