Response too big for UDP, retry with TCP (Active Directory 2003)

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jun 17 12:27:40 EDT 2004 

I do not understand what your problem is.
Are you trying to prevent the use of TCP?  The text below will
allow you to force the use of TCP.

Jeffrey Altman



Vikas Gandhi wrote:
> Hi All
> I am using windows 2003 server and Active directory also. I am running
> SASL java clients where I get this problem "Response too big for UDP,
> retry with TCP".
> I went to the below site for the problem "Response too big for UDP,
> retry with TCP" and found a solution at the ms site but this was not
> of any use at all.
> 
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx#XSLTsection128121120120
> 
> By default, Windows 2000 and Windows XP use UDP when the data can be
> fit in packets under 2,000 bytes. Any data above this value uses TCP
> to carry the packets. The value of 2,000 bytes is configurable by
> modifying a registry key and value.
> 
> 1.         Start Registry Editor. 
> 
> 2.         Locate and then click the following key in the registry: 
> 
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
> Kerberos\Parameters
> 
> If the Parameters key does not exist, you can create it now. 
> 
> 3.         On the Edit menu, click Add Value, and then add the
> following registry value:
> 
> Value Name: MaxPacketSize
> Data Type: REG_DWORD
> Value: any integer value in the range 1 to 2000 (in bytes)
> 
> 4.         Quit Registry Editor. 
> 
> 5.         Restart your computer.
> 
> The data value to which you set this value is the maximum size to be
> used with UDP. If the packet size exceeds this value, TCP is used.
> Again, 2,000 bytes is the default if the value is not present.
> 
> To prevent UDP from ever being used, set the value to 1; TCP will be
> used for all packets. Forcing TCP packets only is an effective
> workaround to this problem.
> 
> ---------------------------------------------------------
> Please help if someone has a solution for this problem.
> 
> --Vikas

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu

More information about the Kerberos mailing list