How to change the MaxTokenSize on the server computer


A couple of days back we have faced an issue where login packet used to open structurally invalid connection due to the incorrect token (less token size by default)

We decided to increase the token size (Please refer MS advice / Infra team advice as this can cause performance issues as well)

Steps:

1. On the Start menu, click Run.

2. Type regedit, and then click OK. (If the User Account Control dialog box appears, click Continue.)

3. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.

 

4. If the MaxTokenSize parameter is not present, right-click Parameters, point to New, and then click DWORD (32-bit) Value. Name the registry entry MaxTokenSize.

5. Right-click MaxTokenSize, and then click Modify.

6. In the Value data box type the desired MaxTokenSize value.

7. Click OK.

8. Close Registry Editor.

9. Restart the computer.



Note: Hexadecimal value ffff (decimal value 65535) is the maximum recommended token size. Providing this value would probably solve the problem, but could have negative computer-wide effects with regard to performance. We recommend that you establish the minimum MaxTokenSize value that allows for the largest token of any user in your organization and enters that value.


No comments:

Post a Comment