It set's the limit for UDP packet size before TCP is used instead to
make sure UDP "stuff" can be contained, with overhead, within one
standard ethernet packet.

I sent my reply before I saw the VPN reference, so I'm not sure it
applies now.  But it won't hurt to try and as I said, if it doesn't
improve the situation, to remove it.

Jim

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil
Sent: Thursday, April 07, 2005 8:45 AM
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] SLOWWWWWW Logons

... presumably this sets the limit for Kerberos UDP packets, before TCP
is used instead? or does it simply reduce the max packet size so as to
minimise fragmentation of those packets?

neil


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Becker, Jim
Sent: 07 April 2005 13:40
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWWWWWW Logons


Oops, be careful, it wrapped... The value is MaxPacketSize 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Becker, Jim
Sent: Thursday, April 07, 2005 8:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWWWWWW Logons

This sounds very much like an issue we had and the problem had to do
with UDP packet fragmentation.  Perhaps you can try the following
Kerberos change.  If it doesn't work, remove it.

Add the following Value to the registry on one of the remote
workstations, reboot and try again:

HKLM/System/CurrentControlSet/Control/LSA/Kerberos/Parameters/MaxPacketS
ize     DWORD     0x580      (1408 decimal)


Jim Becker

Asst. Dir. of Administrative Systems
State University of New York
System Administration
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, April 06, 2005 4:07 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] SLOWWWWWW Logons

How much data are those two users pulling down from the domain
controllers (network trace?)  What's different about them? 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, April 06, 2005 3:38 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] SLOWWWWWW Logons

I have two users amongst 50 in a remote site that no matter what PC they
login to it takes forever, but if someone else logs into that PC, they
log on quickly with no problems.

I have already run netdiag and everything passed, I have deleted the
local profile on the computer, disjoined and rejoined the domain,
changed the network card, provided a different IP address, verified I
can access \\domainname\sysvol\domainname and rebooted the PC as well as
all the domain controllers and the routers inbetween the sites.  No
ports are being blocked by anything, no changes to policies have been
done, no new servers have been made domain controllers and none have
been demoted.  There are two Global Catalogs in that AD Site,
replications is working and I have not thrown the PC out the window yet.

What else could be happening here?

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
212.752.7300 - office
917.455.0110 - cell
[EMAIL PROTECTED]


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

========================================================================
======
This message is for the sole use of the intended recipient. If you
received this message in error please delete it and notify us. If this
message was misdirected, CSFB does not waive any confidentiality or
privilege. CSFB retains and monitors electronic communications sent
through its network. Instructions transmitted over this system are not
binding on CSFB until they are confirmed by us. Message transmission is
not guaranteed to be secure.
========================================================================
======

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to