Wednesday, September 30, 2009

Event ID: 10 (And how to force Kerberos to use TCP instead of UDP)

I've only ever seen this on computers or servers that are trying to authenticate over slow/high latency VPN tunnels at remote offices. Usually the machine will log event ID 10:

"The kerberos subsystem is having problems fetching tickets from your domain controller using the UDP network protocol. This is typically due to network problems. Please contact your system administrator."

This event will usually be logged along with numerous other problems such as LSA events, problems logging into machines, and issues with Outlook (if connected to an exchange server over a VPN tunnel).

The solution is to force the machine to use TCP instead of UDP for Kerberos. The UDP Kerberos packets are being fragmented, and will be dropped if they arrive out of order, thus usually appearing when a high latency VPN tunnel is involved.

Open the registry editor and navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters

If Parameters doesn't exist, create it. Next, add a DWORD called MaxPacketSize and set a decimal value of 1. Restart the machine.

More info about this can be found here: http://support.microsoft.com/kb/244474
Posted by Mondo at 6:04 AM 0 comments
Labels:

Tuesday, September 29, 2009

Cannot start Microsoft Office Outlook. Unable to open the Outlook window

If you see the error "Cannot start Microsoft Office Outlook. Unable to open the Outlook window" upon starting Outlook, you can fix this by running outlook.exe /resetnavpane.

Click start->run, enter outlook.exe /resetnavpane, and press OK.
Posted by Mondo at 8:28 AM 0 comments
Labels:

Friday, September 25, 2009

Windows 7 and Vista Classic Login Screen

To get the classic XP style login where the user must input their username and password every time, some settings can be changed in the Local Security Policy.

Open the Local Security Policy management console. Open Control Panel->Administrative Tools->Local Security Policy. You can also do Start->Run->secpol.msc

Expand Local Policies->Security Options. Set Interactive Logon: Do not require CTRL-ALT-DEL, and Interactive Logon: Do not display last user name to Enabled.

Reboot.
Posted by Mondo at 6:54 AM 1 comments
Labels: , ,

Friday, September 4, 2009

Outlook 2007 "Could not install the custom actions. The object could not be foud"

If you're getting the message "Could not install the custom actions. The object could not be found." in Outlook 2007, try deleting frmcache.dat. On Windows 7 and Vista it is found in:
C:\Users\USERNAME\AppData\Local\Microsoft\FORMS\frmcache.dat

On Windows XP it should be located in:
C:\documents and settings\USERNAME\local settings\application data\microsoft\forms\FRMCACHE.DAT

Note: The file is a hidden system file.


Posted by Mondo at 7:06 AM 0 comments
Labels:
Subscribe to: Posts (Atom)