It set's the limit for UDP packet size before TCP is used instead to make sure UDP "stuff" can be contained, with overhead, within one standard ethernet packet.
I sent my reply before I saw the VPN reference, so I'm not sure it applies now. But it won't hurt to try and as I said, if it doesn't improve the situation, to remove it. Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: Thursday, April 07, 2005 8:45 AM To: 'ActiveDir@mail.activedir.org' Subject: RE: [ActiveDir] SLOWWWWWW Logons ... presumably this sets the limit for Kerberos UDP packets, before TCP is used instead? or does it simply reduce the max packet size so as to minimise fragmentation of those packets? neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Becker, Jim Sent: 07 April 2005 13:40 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SLOWWWWWW Logons Oops, be careful, it wrapped... The value is MaxPacketSize -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Becker, Jim Sent: Thursday, April 07, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SLOWWWWWW Logons This sounds very much like an issue we had and the problem had to do with UDP packet fragmentation. Perhaps you can try the following Kerberos change. If it doesn't work, remove it. Add the following Value to the registry on one of the remote workstations, reboot and try again: HKLM/System/CurrentControlSet/Control/LSA/Kerberos/Parameters/MaxPacketS ize DWORD 0x580 (1408 decimal) Jim Becker Asst. Dir. of Administrative Systems State University of New York System Administration [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, April 06, 2005 4:07 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] SLOWWWWWW Logons How much data are those two users pulling down from the domain controllers (network trace?) What's different about them? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Wednesday, April 06, 2005 3:38 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] SLOWWWWWW Logons I have two users amongst 50 in a remote site that no matter what PC they login to it takes forever, but if someone else logs into that PC, they log on quickly with no problems. I have already run netdiag and everything passed, I have deleted the local profile on the computer, disjoined and rejoined the domain, changed the network card, provided a different IP address, verified I can access \\domainname\sysvol\domainname and rebooted the PC as well as all the domain controllers and the routers inbetween the sites. No ports are being blocked by anything, no changes to policies have been done, no new servers have been made domain controllers and none have been demoted. There are two Global Catalogs in that AD Site, replications is working and I have not thrown the PC out the window yet. What else could be happening here? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 212.752.7300 - office 917.455.0110 - cell [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ======================================================================== ====== This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ======================================================================== ====== List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/