Users Unable to Login Into Okta and Getting: NOT SPECIFIED and ErrorCode 1384 in System logs
Jun 3, 2024
Okta Classic Engine
Directories
Overview
Users are unable to log into Okta and are getting "NOT_SPECIFIED" and ErrorCode 1384 in System logs.
Applies To
  • Active Directory
  • ErrorCode 1384
  • Okta Classic Engine
Cause

According to this article System Error Code 1384 is:

ERROR_TOO_MANY_CONTEXT_IDS
1384 (0x568)
During a logon attempt, the user’s security context accumulated too many security IDs.


This behavior occurs because Windows systems contain a limit preventing a user's security access token from containing over 1,000 security identifiers (SIDs). This means that when a user is being validated for access rights to establish a new session with a server, that user must not be a member of more than 1,000 groups in that server's domain. If this limit is exceeded, access to the server is denied, and the error code 1384 is returned to the user.

If the server that the user connects to is in a second domain (for example, if the user connects to a server in a Windows 2000 resource domain), the total number of groups the user is a member of is determined by adding the user's group membership in that second domain to the user's global group membership in their domain.

Solution
Ensure the user is NOT a member of more than 1,000 groups in the server's domain.

Related References

Recommended content

No recommended content found...
Still looking for help?