Question : Many LSA Warning

My server has SMS 2003 installed. In the event log, it shows more than 100 messages continuously every morning. Each message refers to a different PC. May I know the root cause?

Source: LsaSrv
Log type: Warning
Message:
During a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation.  Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context.
User's SID is S-1-5-18
If this is the Administrator account, logging on in safe mode will enable Administrator to log on by automatically restricting group memberships.


Source: DCOM
Log type: Error
Message:
DCOM was unable to communicate with the computer PC1 using any of the configured protocols.

Source:
Type: Error
Message:
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server PC1$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).

Answer : Many LSA Warning

"This is a very unusual situation." I love this and just had to quote it.

Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context.
****User's SID is S-1-5-18**** A hash SID.


I was looking this over more thoroughly. I am beginning to believe you have a node or user that is trying to authenticate by using HASH instead of Kerberos. Hash comes from legacy machines and is the oldest form of protocol to authenticate within the domain. The order of authentication is:

HASH
LMHASH
NTLMHASH
Kerberos

If your domain controller is not set up to allow anything prior to HASH Authentication, then you might see the errors you are seeing.
_______________________________________________________________________________
****User's SID is S-1-5-18**** A hash SID.

"DCOM was unable to communicate with the computer PC1 using any of the configured protocols"
Of course it can't, you are using HASH to try and authenticate.

The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server PC1$.  This indicates that the ticket used against that server is not yet valid (in relationship to that server time).

Of course it isn't valid. It's not a Kerberos form of authentication.

And this: PC1$ <---Remember this dollar sign, it is a clue to your situation.
________________________________________________________________________________
So here we go with an explanation and plausible fix:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23132123.html

I think this will help you out.
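
Added example, not part of the original question or answer: the condition the KRB_AP_ERR_TKT_NYV event text describes ("not yet valid in relationship to that server time"), written out as the ticket time check from RFC 4120 and run against constructed clock offsets. The host names PC2 and PC3, the offsets, the timestamp and the function names are assumptions for illustration; the five-minute skew is the commonly used default.

```python
from datetime import datetime, timedelta, timezone

# Error codes as defined in RFC 4120.
KRB_AP_ERR_TKT_EXPIRED = 32
KRB_AP_ERR_TKT_NYV = 33

# Five minutes is the commonly used allowable clock skew (assumed here).
DEFAULT_SKEW = timedelta(minutes=5)


def check_ticket_times(starttime, endtime, server_now, skew=DEFAULT_SKEW):
    """Return the error code a server would raise for this ticket on its
    own clock, or None if the validity window is acceptable."""
    # Ticket starts in the server's future by more than the skew: not yet valid.
    if starttime - server_now > skew:
        return KRB_AP_ERR_TKT_NYV
    # Ticket ended in the server's past by more than the skew: expired.
    if server_now - endtime > skew:
        return KRB_AP_ERR_TKT_EXPIRED
    return None


def classify_hosts(issued_at, lifetime, host_offsets, skew=DEFAULT_SKEW):
    """Validate one ticket (issued on the KDC clock) on each host's clock.

    host_offsets maps host name -> how far that host's clock is from the KDC's.
    """
    start, end = issued_at, issued_at + lifetime
    return {host: check_ticket_times(start, end, issued_at + offset, skew)
            for host, offset in host_offsets.items()}


# Constructed sample data (not taken from the event log above).
KDC_NOW = datetime(2008, 1, 1, 8, 0, tzinfo=timezone.utc)
SAMPLE_OFFSETS = {
    "PC1": timedelta(minutes=-12),  # clock 12 minutes behind the KDC
    "PC2": timedelta(minutes=-3),   # within tolerance
    "PC3": timedelta(hours=11),     # clock far ahead of the KDC
}

if __name__ == "__main__":
    results = classify_hosts(KDC_NOW, timedelta(hours=10), SAMPLE_OFFSETS)
    for host, code in results.items():
        print(f"{host}: {code if code is not None else 'ok'}")
```

A host whose clock runs behind the ticket issuer by more than the tolerance sees the ticket's start time as being in the future, which is the case the event text reports.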