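When I use Remote Desktop to connect to a Server 2003 machine, I find that after entering the account name and password the screen only flashes once and I cannot get into the remote computer. I went to the remote computer and logged on to the system locally, and confirmed that logon works normally. On checking the Event Log, I found that the System log contains an error message with source LsaSrv and event ID 6035. The log content is as follows: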
在登入過程中,使用者的安全性內容累積太多識別碼,這是不尋常的狀況,請從一些通用或本機群組中,移除使用者來減少安全性識別碼的數目,以便傳入安全性內容中
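So far I have tried clearing the Security log and checking the settings of the related accounts; neither fixed the problem. However, if the host is restarted, it goes back to normal.
OS: Windows Server 2003 R2, 32-bit, not joined to a domain
H/W: IBM X3550 Server
It looks like this account belongs to too many groups or something similar. Please see the following references: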
http://kb.prismmicrosys.com/evtpass/evtPages/EventId_6035_LsaSrv_49595.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;275266
http://download.microsoft.com/download/8/f/3/8f36dfe4-47d0-4775-ad5a-5614384921aa/AccessTokenLimitation.doc
Microsoft has put together a document explaining this problem:
The access token limitation is particularly problematic for domain controllers. A domain controller which has reached the access token limitation is no longer able to authenticate with other domain controllers, resulting in services such as replication no longer functioning.
If a replication failure on a domain controller occurs due to an access token limitation problem, errors such as the following appear in the Event Log:
• System
• Source: LSASRV
• EventID: 6035
• Message text:
During a logon attempt, the user’s security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global groups to reduce the number of security IDs to incorporate into the security context.
User's SID is S-1-5-18
If this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships.
For Event 6035, you receive more than one of these System errors. You get multiple errors for the Domain Controllers group which is locked out and errors for the specific domain controller which had the access token limitation problem. In the message text above, the number in "User's SID is S-1-5-18" is a variable unique to each domain controller.
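A way to triage the situation described in this thread, as an added example that is not part of the original posts or of the Microsoft document: it summarises LsaSrv 6035 events by the SID named in each message and reports how many group SIDs the current logon token carries. It assumes Windows PowerShell 2.0 or later and permission to read the System log.

```powershell
# Added example, not from the thread. Get-EventLog is used because it is
# available in Windows PowerShell 2.0 through 5.1 (it is absent from PowerShell 7).

# 1. Collect LsaSrv 6035 events and pull the SID out of each message.
#    Matching on the SID pattern works whatever language the message is in.
$hits = Get-EventLog -LogName System -Source LsaSrv -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 6035 } |
    ForEach-Object {
        $sid = '(no SID in message)'
        if ($_.Message -match 'S-1-\d+(-\d+)+') { $sid = $Matches[0] }
        New-Object PSObject -Property @{ Time = $_.TimeGenerated; Sid = $sid }
    }

# 2. One row per SID: how often it was logged, when last, and which account it is.
$hits | Group-Object Sid | ForEach-Object {
    $account = '(unresolved)'
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($_.Name)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch { }   # placeholder text or an unknown SID stays '(unresolved)'
    New-Object PSObject -Property @{
        Sid     = $_.Name
        Account = $account
        Count   = $_.Count
        Last    = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
    }
} | Select-Object Sid, Account, Count, Last | Format-Table -AutoSize

# 3. Group SIDs carried by the token of the account running this script.
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
'{0} carries {1} group SIDs in its token' -f $id.Name, $id.Groups.Count
```

Run step 3 while logged on as the affected account; a count that keeps climbing between reboots points at the account whose memberships need trimming.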