Article ID: 297869 - View products that this article applies to.
This article was previously published under Q297869
After you apply post-Windows 2000 Service Pack 1 (SP1) fixes or Windows 2000 Service Pack 2 (SP2) and modify the MaxTokenSize registry entry to increase the Kerberos token size, various Systems Management Server (SMS) administrator issues may occur. For example, you may encounter the following issues:
This issue may occur if the value of the MaxTokenSize entry is set too high. The maximum value is FFFF (hexadecimal). This value can also be entered as 65535 (decimal). A common mistake is to set the value to 65535 (hexadecimal), which is equivalent to 415029 (decimal). This value is too high.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756To resolve this issue, set the value of the MaxTokenSize entry as a decimal value. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
(http://support.microsoft.com/kb/263693/ )Group Policy may not be applied to users belonging to many groups