Server 2003 System Log Souse LsaSrv ID 6035

因使用遠端桌面,連線至Server 2003,發現在輸入帳號與密碼後,畫面只會閃一下,而無法進入遠端電腦,至該遠端電腦,以本機方式登入系統,確認可正常登入,經檢查Even Log發現,在System Log會出現來源為KsaSrv ID碼為6035之錯誤訊息,其Log內容如下:
目前嘗試過,把安全性 Log清除,以及檢查相關帳號之設定,皆無法修復,但若是將主機重新啟動,則會恢復正常
OS:Windows Server 2003 R2 For 32 Bit,未Join Domain
H/W IBM X3550 Server

iT邦新手 3 級 ‧ 2009-10-16 15:24:37 查看看event log的解決方法

iT邦新手 1 級 ‧ 2010-01-11 09:30:35
he access token limitation is particularly problematic for domain controllers. A domain controller which has reached the access token limitation is no longer able to authenticate with other domain controllers, resulting in services such as replication no longer functioning.
If a replication failure on a domain controller occurs due to an access token limitation problem, errors such as the following appear in the Event Log:
• System
• Source: LSASRV
• EventID: 6035
• Message text:
During a logon attempt, the user’s security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global groups to reduce the number of security IDs to incorporate into the security context.
User's SID is S-1-5-18
If this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships.
For Event 6035, you receive more than one of these System errors. You get multiple errors for the Domain Controllers group which is locked out and errors for the specific domain controller which had the access token limitation problem. In the message text above, the number in "User's SID is S-1-5-18" is a variable unique to each domain controller.