We just push this registry setting out to all of our workstations: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parame ters] "MaxPacketSize"=dword:00000001
This forces all kerberos traffic to use TCP. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devan Pala Sent: Friday, July 29, 2005 10:36 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] UDP vs TCP Hi, Does anyone know if its possible to tweak a domain controller so that authentication requests from a client that exceed 2000 bytes (not sure if thats the default for Windows 2000 domains & XP) may be authenitcated by the DC. I know its possible with a regisrty hack on the client by either bumping that value or telling the client to just use TCP. We have a SOHO situation that utilizes Nortel VPN appliances and hence the authentication issue. This is a temporary location but in our business this is a frequent request. Thanks, List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/