SOLUTION: "network name no longer available" with VPN, DMZ, routed subnets
From: Carol Chisholm (carol.lists@smalldomain.ch)
Date: 08/20/02
From: Carol Chisholm <carol.lists@smalldomain.ch> Date: Tue, 20 Aug 2002 09:00:59 +0200
For problems joining domains, promoting servers and so on, over VPNs,
routers and with machines in separate subnets or in DMZs.
Apologies for cross posts, but I have spent ages on this and it seems
pretty obscure.
Look for fragmented UDP packets being rejected by the router or
firewall.
This behavior has been caused by fragmentation of UDP Kerberos
traffic.
RESOLUTION
To work around this network problem, it is possible to make a registry
modification on the failing server to force Kerberos to communicate
over TCP instead of UDP.
This can be accomplished by doing the following:
1. If necessary, add a parameters key under
HKLM/SYSTEM/CCS/control/lsa/kerberos
2. Add a MaxPacketSize dword with a value of 1 to
HKLM/SYSTEM/CCS/control/lsa/kerberos/parameters.
3. Reboot the server.
Thanks to John who provided the answer and Jason who remembered it!
Carol Chisholm
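
Added example, not part of the original post: a Python sketch of the diagnostic step "look for fragmented UDP packets", classifying raw IPv4 packets so that fragmented UDP traffic involving Kerberos stands out. The function names, the sample packets and the use of port 88 (the standard Kerberos port, which the post does not state) are assumptions made for illustration.

```python
import struct
from collections import Counter

KERBEROS_PORT = 88  # standard Kerberos KDC port (assumption: not stated in the post)
IPPROTO_UDP = 17

def classify_ipv4(packet: bytes) -> str:
    """Classify one raw IPv4 packet (starting at the IP header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4                 # header length in bytes
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset = (flags_frag & 0x1FFF) * 8           # field counts 8-byte units
    if ihl < 20 or packet[9] != IPPROTO_UDP:
        return "other"
    if offset > 0:
        # Later fragments carry no UDP header, so a port-based rule
        # cannot match them; this is where routers and firewalls drop.
        return "udp-fragment-no-ports"
    if len(packet) < ihl + 4:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    kind = "kerberos-udp" if KERBEROS_PORT in (sport, dport) else "udp"
    return f"{kind}-first-fragment" if more_fragments else f"{kind}-whole"

def build_packet(payload_len, sport, dport, mf=False, offset_bytes=0):
    """Build a constructed IPv4/UDP test packet (checksums left at zero)."""
    body = b"\x00" * payload_len
    if offset_bytes == 0:                        # only offset 0 has a UDP header
        body = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0) + body
    flags_frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0x1234,
                         flags_frag, 64, IPPROTO_UDP, 0,
                         bytes([10, 0, 1, 5]), bytes([10, 0, 2, 10]))
    return header + body

# Constructed sample traffic, not a real capture.
SAMPLES = [
    build_packet(200, 49152, 88),                      # small request, unfragmented
    build_packet(1472, 88, 49152, mf=True),            # large reply, first fragment
    build_packet(600, 88, 49152, offset_bytes=1480),   # large reply, second fragment
    build_packet(40, 49153, 53),                       # unrelated UDP
]

def summarize(packets):
    """Count packets per class."""
    return Counter(classify_ipv4(p) for p in packets)

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLES).items()):
        print(f"{count:3d}  {kind}")
```

A first fragment on port 88 seen on one side of the router or firewall, with its matching later fragments missing on the other side, is the pattern the post describes.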