All items based on Group Membership Access Control are not shown in RES Workspace Manager session

Version 1


    When logging on to a RES Workspace Manager session, all items based on Group Membership Access Control are not shown.
    When viewing the user information in RES Workspace Manager Workspace Preferences, the NT Group Membership list is empty.



    Enumeration of User object groupmembership fails or is incomplete.


    One of the following solutions solves the described issue:
    Solution 1.
    Check the configured Directory Services if the appropriate options are enabled and if the NetBIOS domain name is set correctly.
    When the NetBIOS domain name has not been retrieved correctly or support for Domain Local Groups and/or support for group Nesting is disabled Access Control based on Group membership might fail.
    Solution 2.
    Kerberos token size has been exceeded, the Kerberos token has a fixed size. If a user is a member of a group either directly or by membership in another group, the security ID (SID) for that group is added to the user`s token. For a SID to be added to the user`s token, it must be communicated by using the Kerberos token. If the required SID information exceeds the size of the token, authentication does not succeed. The number of groups varies, but the limit is approximately 70 to 80 groups.

      Change the MaxTokenSize in the Registry
      System key:  [HKEY_Local_Machine\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters]
      Value Name: MaxTokenSize
      Data Type:  DWORD
      Value Data:(Decimal) 65535
      After you have set this Key, the Client needs a Reboot.