RFC 1510 dictates that a client should contact the Key Distribution Center (KDC) with a UDP datagram to port 88
at the KDC's IP address. This may result in:
Event Log Error 5719 Source NETLOGON
No Windows NT or Windows 2000 Domain Controller is available for domain Domain. The following error occurred: There are currently no logon servers available to service the logon request.
If you run Netdiag, you receive:
DC list test . . . . . . . . . . . : Failed
\[WARNING\] Cannot call DsBind to COMPUTERNAMEDC.domain.com (159.140.176.32). \[ERROR_DOMAIN_CONTROLLER_NOT_FOUND\]
Kerberos test. . . . . . . . . . . : Failed
\[FATAL\] Kerberos does not have a ticket for MEMBERSERVER$.
If the data can fit in packets that are less than 2,000 bytes, Windows 2000 uses UDP; otherwise it uses TCP. You can alter the behavior:
1. Use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters.
NOTE: You may have to add the Parameters sub-key.
2. At the Parameters sub-key, Add Value name MaxPacketSize, as a REG_DWORD data type, and set the data value to any Decimal number between 1 and 2000. To prevent UDP from being used, set it to 1.
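The two steps above as a script, added here as an example and not part of the original tip. The function name Set-KerberosMaxPacketSize is hypothetical, and the script assumes a system with PowerShell and an elevated session:

```powershell
# Added example: applies the MaxPacketSize change described in steps 1 and 2.
# Run from an elevated PowerShell session on the affected client or member server.
function Set-KerberosMaxPacketSize {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # The tip allows any decimal value from 1 to 2000; 1 prevents UDP from being used.
        [ValidateRange(1, 2000)]
        [int]$Bytes = 1
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    $name = 'MaxPacketSize'

    # Step 1 note: the Parameters sub-key may not exist yet.
    if (-not (Test-Path -Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # Record the previous value so the change can be reverted later.
    $previous = $null
    $existing = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($existing) { $previous = $existing.$name }

    # Step 2: write the value as a REG_DWORD.
    if ($PSCmdlet.ShouldProcess("$key\$name", "Set REG_DWORD to $Bytes")) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Bytes -Force | Out-Null
    }

    # Report what was there before and what is there now.
    [pscustomobject]@{
        Key      = $key
        Name     = $name
        Previous = $previous
        Current  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    }
}

# Prevent UDP from being used, as in step 2.
Set-KerberosMaxPacketSize -Bytes 1
```

Adding -WhatIf to the call shows the registry changes without making them.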