tag:blogger.com,1999:blog-3920347219421157797.post5706041430326734178..comments2024-03-27T21:55:28.163-07:00Comments on Clint Boessen's Blog: Failed to change domain affiliation, hr=800704f1Clint Boessenhttp://www.blogger.com/profile/11156487394562821934noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-3920347219421157797.post-16706772252437258572012-12-19T07:15:18.794-08:002012-12-19T07:15:18.794-08:00I would like to add the next possible fix for some...I would like to add the next possible fix for someone that get the same error after the system is migrated with ADMT.<br /><br />Kerberos has a limit on the “MaxTokenSize”. If users are member of a lot of groups and subgroups the MaxTokenSize is exceeded.<br /><br />As a result, the user can’t access the SYSVOL folder. (No policies are loaded)<br />After creating a new DWORD with the name “MaxTokenSize” at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\<br />with the value <br />- fff (HEX) or<br />- 65535 (Decimal)<br />The problem was solved. <br />We hadto do this on every workstation because no logonscript or policy would load.<br /><br />Greetz Martijn ten Kate<br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-69616708975281871512011-06-21T02:34:25.237-07:002011-06-21T02:34:25.237-07:00http://support.microsoft.com/default.aspx?scid=kb;...http://support.microsoft.com/default.aspx?scid=kb;EN-US;944043Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-72385348351356526422010-06-04T09:51:30.937-07:002010-06-04T09:51:30.937-07:00Ran into the same problem. I had to modify the do...Ran into the same problem. I had to modify the domain controller policy on both the source and target DCs. Worked like a charm.chifungleunghttps://www.blogger.com/profile/14964959483948749948noreply@blogger.comtag:blogger.com,1999:blog-3920347219421157797.post-65465880257014254532010-05-10T19:15:33.032-07:002010-05-10T19:15:33.032-07:00Hello Clint, this solution (http://blogs.technet.c...Hello Clint, this solution (http://blogs.technet.com/askds/archive/2009/10/19/admt-rodc-s-and-error-800704f1.aspx) may work for your issue (or others that are having this same issue) without decreasing the security of your domain.Anonymousnoreply@blogger.com