Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
During a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context.
User's SID is <security ID>
If this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of LsaSrv?
See ME275266 for information about this event.
See ME838677 for a possible cause for this event.
|Private comment: Subscribers only. See example of private comment|
|Links: ME275266, ME838677|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated