Event ID 12299 — Universal and Global Group Caching

Applies To: Windows Server 2008

The Security Accounts Manager (SAM) is a service that is used during the logon process. The SAM maintains user account information, including groups to which a user belongs. The SAM is attempting to enable or disable group membership caching.

Event Details

Product: Windows Operating System
ID: 12299
Source: SAM
Version: 6.0
Message: The attempt to check whether group caching has been enabled in the Security Account Manager has failed, most likely due to lack of resources. This task has been rescheduled to run in one minute.


Check the event log again in two minutes to see if the problem persists

The Security Accounts Manager (SAM) failed to determine whether group caching was enabled. The failure is probably due to a resource error. There should be additional information in the Event Viewer event message text that describes the resource error. The SAM retries the operation every two minutes. If the problem persists, additional events are recorded in Event Viewer.

Review the Event Viewer events for indications that another software component or hardware component is failing, and then attempt to resolve that issue.


Perform the following procedure using a domain member computer that has domain administrative tools installed.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To verify that the group membership feature is working properly:

  1. Open the LDP snap-in. To open the LDP snap-in, click Start. In Start Search, type LDP, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. On the Connection menu, click Connect.
  3. In Server, type the name of a domain controller for your domain, and then click OK.
  4. On the Connection menu, click Bind:
    • If you are logged on with an account that is a member of either the Domain Admins group or the Enterprise Admins group, in the Bind dialog box, click OK.
    • If you are logged on with an account that is not a member of either the Domain Admins group or the Enterprise Admins group, select Bind with credentials, type a user name, password, and domain name for an account that is a member of at least one of these two administrative groups, and then click OK.
  5. On the Browse menu, click Modify.
  6. In Attribute, type updatecachedmemberships.
  7. In Value, type 1. Do not enter any text for DN. Click Enter.
  8. Select the Extended box, and then click Run. Click Close.
  9. If the operation is successful, LDP reports Modified.

Universal and Global Group Caching

Active Directory