Maximum number of services that can logon using Domain security

  • Thread starter Thread starter Brian
  • Start date Start date
B

Brian

Greetings,

We have encountered a situation, where, we have n services logged on
using domain security (domain\user). When we go to add and start the
n+1 service, the service fails to start, there are no errors anywhere
(event logs from both the DC and the local machine). If we shut down
one service, the n+1 one 'will' start.

Is there some limit to the number of domain logons? If it's a licensing
issue, should that not be logged? We've got the apparent limit to be
somewhere around 25.

thanks in advance
Brian
 
I don't know an answer to that but on the local machine at least temporarily
be sure to enable auditing of both logon and account logon events for
success and failure, audit system events for success and failure, and
privilege use for at least failure to see if anything then is recorded that
may be helpful. --- Steve
 
Are these relatively heavy-weight services?
There are limits on some heap/stack sizes and hence number of
objects that may be instanced. Could you be bumping up against
such as this ?
 
Thanks for the reply. However, if I change the login to be a local
account, it logs in, so I don't *think* that's the problem.

Basically, we have two services. One needs the domain rights (accessing
shares on remote machines) and one does not need the domain rights. If
we start changing the ones that don't need domain rights to local login,
then, we can add more of the ones that do.

A previous post advised turning on some additional auditing, and that
sounds like a good approach at this point.
 
Interesting. I mostly only deal with volume licensed versions of server,
so perhaps you do have a licensing issue, as I find that "around 25" to
be somewhat coincidental (with retail versions at 5 and 25 CALs).
However, CAL counting is mostly only a formal exercise within the OS
as far as I have ever noticed, assuming License Manager has not been
disabled.
 
This is possibly related to the Windows Stations / Desktops limitations built
into Windows and the service code isn't properly reporting failures. I would
contact the vendor but also read the following

Check out

http://support.microsoft.com/?id=169321
http://support.microsoft.com/?id=126962
http://support.microsoft.com/?id=142676


I am not aware of anything else limiting the "types" of logons used for
services. So if it isn't this, I expect it is some other resource limitation and
the service cose simply isn't reporting errors it isn encountering, it is just
exiting or crashing.



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Back
Top