| Event Id | 6035 |
| Source | LsaSrv |
| Description | During a logon attempt, the users security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context. Users SID is <SID ID> If this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships. |
| Event Information | According to Microsoft: This behavior occurs because the versions of Windows that are listed at the beginning of this article contain a limit that prevents a users security access token from containing more than 1000 security identifiers (SIDs). This means that when a user is being validated for access rights to establish a new session with a server, that user must not be a member of more than 1000 groups in that servers domain. If this limit is exceeded, access to the server is denied, and the error code 1384 is returned to the user. If the server that the user connects to is in a second domain (for example, if the user connects to a server in a Windows 2000 resource domain), the total number of groups the user is a member of is determined by adding the users group membership in that second domain to the users global group membership in their domain. This issue may occur if you are a member of more than 1024 groups on the server. When you publish a new project to Project Server 2002, SharePoint Team Services from Microsoft creates new local group accounts for the new subweb that is created on the server, and adds the user to the local group account. This issue may occur if there are many subwebs on the server. |
| Reference Links | Error Message: During a Logon Attempt, the Users Security Context Accumulated Too Many Security Ids "During logon attempt, the users security context accumulated too many security ids" error message when you try to log on to Project Server 2002 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.