Maximum number of services that can logon using Domain security

B

Brian

Greetings,

We have encountered a situation, where, we have n services logged on
using domain security (domain\user). When we go to add and start the
n+1 service, the service fails to start, there are no errors anywhere
(event logs from both the DC and the local machine). If we shut down
one service, the n+1 one 'will' start.

Is there some limit to the number of domain logons? If it's a licensing
issue, should that not be logged? We've got the apparent limit to be
somewhere around 25.

thanks in advance
Brian
 
S

Steven L Umbach

I don't know an answer to that but on the local machine at least temporarily
be sure to enable auditing of both logon and account logon events for
success and failure, audit system events for success and failure, and
privilege use for at least failure to see if anything then is recorded that
may be helpful. --- Steve
 
R

Roger Abell [MVP]

Are these relatively heavy-weight services?
There are limits on some heap/stack sizes and hence number of
objects that may be instanced. Could you be bumping up against
such as this ?
 
B

Brian

Thanks for the reply. However, if I change the login to be a local
account, it logs in, so I don't *think* that's the problem.

Basically, we have two services. One needs the domain rights (accessing
shares on remote machines) and one does not need the domain rights. If
we start changing the ones that don't need domain rights to local login,
then, we can add more of the ones that do.

A previous post advised turning on some additional auditing, and that
sounds like a good approach at this point.
 
R

Roger Abell [MVP]

Interesting. I mostly only deal with volume licensed versions of server,
so perhaps you do have a licensing issue, as I find that "around 25" to
be somewhat coincidental (with retail versions at 5 and 25 CALs).
However, CAL counting is mostly only a formal exercise within the OS
as far as I have ever noticed, assuming License Manager has not been
disabled.
 
J

Joe Richards [MVP]

This is possibly related to the Windows Stations / Desktops limitations built
into Windows and the service code isn't properly reporting failures. I would
contact the vendor but also read the following

Check out

http://support.microsoft.com/?id=169321
http://support.microsoft.com/?id=126962
http://support.microsoft.com/?id=142676


I am not aware of anything else limiting the "types" of logons used for
services. So if it isn't this, I expect it is some other resource limitation and
the service cose simply isn't reporting errors it isn encountering, it is just
exiting or crashing.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Services Control Manager security event 1
Failed Logon Events [Event ID 4625; Logon Type 8; Procss Name: w3wp; Process: Advapi] 1
auditing logons - someone please clear this #@#$! up. 3
Too many Logon/Logoff security log entries 5
Excessive computer account logon/logoff loggining on security log 5
Event ID 5719: No Windows NT or Windows 2000 Domain Controller is available for domain <domain>. 4
Logon local to W2k workstation using domain account 9
Kerberos requesting services using wrong user.... 1

Top