Response too big for UDP, retry with TCP (Active Directory 2003)

Vikas Gandhi vgandhi at quark.co.in
Wed Jun 16 11:36:43 EDT 2004


Hi All,
I am using Windows 2003 Server and Active Directory also. I am running
SASL Java clients where I get this problem: "Response too big for UDP,
retry with TCP".
I went to the site below for the problem "Response too big for UDP,
retry with TCP" and found a solution at the MS site, but this was not
of any use at all.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx#XSLTsection128121120120

By default, Windows 2000 and Windows XP use UDP when the data can be
fit in packets under 2,000 bytes. Any data above this value uses TCP
to carry the packets. The value of 2,000 bytes is configurable by
modifying a registry key and value.

1. Start Registry Editor.

2. Locate and then click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

If the Parameters key does not exist, you can create it now.

3. On the Edit menu, click Add Value, and then add the
following registry value:

Value Name: MaxPacketSize
Data Type: REG_DWORD
Value: any integer value in the range 1 to 2000 (in bytes)

4. Quit Registry Editor.

5. Restart your computer.

The data value to which you set this value is the maximum size to be
used with UDP. If the packet size exceeds this value, TCP is used.
Again, 2,000 bytes is the default if the value is not present.

To prevent UDP from ever being used, set the value to 1; TCP will be
used for all packets. Forcing TCP packets only is an effective
workaround to this problem.

---------------------------------------------------------
Please help if someone has a solution for this problem.

--Vikas
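
The registry procedure quoted in the message above, as a scripted audit-and-set step. This is an added example, not part of the original post or the Microsoft article; the function names Get-KerberosMaxPacketSize and Set-KerberosMaxPacketSize are hypothetical, and it assumes an elevated PowerShell session on the Windows machine being configured.

```powershell
# Added example: audit and set the Kerberos MaxPacketSize value from the quoted steps.
# Key path, value name, type and range (1 to 2000) are taken from the quoted text.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName = 'MaxPacketSize'

function Get-KerberosMaxPacketSize {
    # Returns the configured value, or $null when the key or the value is absent
    # (the quoted text says 2,000 bytes is the default in that case).
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-KerberosMaxPacketSize {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 2000)]   # reject values outside the documented range
        [int]$Bytes
    )
    # Step 2: create the Parameters key if it does not exist.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # Step 3: write the REG_DWORD value, overwriting any existing one.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Bytes -Force | Out-Null
    # Read back so a failed or redirected write is noticed before the restart.
    $actual = Get-KerberosMaxPacketSize
    if ($actual -ne $Bytes) {
        throw "MaxPacketSize read back as '$actual', expected $Bytes"
    }
    return $actual
}

$before = Get-KerberosMaxPacketSize
if ($null -eq $before) {
    "MaxPacketSize is not set (default of 2000 bytes applies)"
} else {
    "MaxPacketSize is currently $before"
}

# 1 means UDP is never used; TCP carries all packets, per the quoted text.
$after = Set-KerberosMaxPacketSize -Bytes 1
"MaxPacketSize set to $after; restart the computer (step 5) for it to take effect"
```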

