Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 6 Source: Kerberos

The kerberos SSPI package generated an output token of size 37C8 bytes, which was too large to fit in the 37B7 buffer buffer provided by process id 0. If the condition persists, please contact your system administrator.
Data: <data>.
If you receive this event when you use a Microsoft Windows Server 2003-based domain controller to join a Microsoft Windows XP-based client computer to a domain, see ME935744.
Increasing the Kerberos ticket size finally solved a series of problems in our case, not related at first glance. Some of them:
- The inability to add domain groups into a local group.
- An error message “not enough memory to complete this operation”, while using AD Sites and Services or AD Users and Computers.
- The inability to use replmon (the remote domain controllers appeared with yellow exclamation marks). See ME244474 for information on increasing the maximum Kerberos ticket size.
When I tried to rejoin a computer to the domain, I received this event. I found the solution in Microsoft’s article ME269643. I increased the maximum token size, as stated in the article and the problem was solved.
See ME244474 on how to increase the maximum Kerberos ticket size.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.