Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 275266 - Last Review: October 30, 2006 - Revision: 3.5
Error message: During a logon attempt, the user's security context accumulated too many security IDs
This article was previously published under Q275266
When you try to log on to a domain or connect to a network share on a server, you may receive the following error code 1384 error message:
During a logon attempt, the user's security context accumulated too many security IDs.
This behavior occurs because Windows systems contain a limit that prevents a user's security access token from containing more than 1000 security identifiers (SIDs). This means that when a user is being validated for access rights to establish a new session with a server, that user must not be a member of more than 1000 groups in that server's domain. If this limit is exceeded, access to the server is denied, and the error code 1384 is returned to the user.
If the server that the user connects to is in a second domain (for example, if the user connects to a server in a Windows 2000 resource domain), the total number of groups the user is a member of is determined by adding the user's group membership in that second domain to the user's global group membership in their domain.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.This behavior is by design.
If a group from the user's domain is included in multiple groups in the second domain, the user's total group membership is not just incremented by one for their inclusion in this group. Instead, it is additionally incremented by the number of groups in the second domain that this group is a member of.
For example, if you add a user to a global group in their domain, and add this global group to four local groups in a second domain, the user's total group membership (and SID count) in that second domain is increased by five, instead of just being increased by one as you may expect.
APPLIES TO
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows XP Professional
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT Server 4.0 Enterprise Edition
- Windows Vista Enterprise
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business
- Windows Vista Business 64-bit Edition
- Windows Vista Ultimate
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
| kberrmsg kbnetwork kbprb KB275266 |
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please