"The kerberos subsystem is having problems fetching tickets from your domain controller using the UDP network protocol. This is typically due to network problems. Please contact your system administrator."
This event will usually be logged along with numerous other problems such as LSA events, problems logging into machines, and issues with Outlook (if connected to an exchange server over a VPN tunnel).
The solution is to force the machine to use TCP instead of UDP for Kerberos. The UDP Kerberos packets are being fragmented, and will be dropped if they arrive out of order, thus usually appearing when a high latency VPN tunnel is involved.
Open the registry editor and navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
If Parameters doesn't exist, create it. Next, add a DWORD called MaxPacketSize and set a decimal value of 1. Restart the machine.
More info about this can be found here: http://support.microsoft.com/kb/244474
No comments:
Post a Comment