PSS ID Number: 830077
Article Last Modified on 3/11/2004
The information in this article applies to:
- Microsoft Windows 2000 Server
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
When you use Active Directory Replication Monitor in Microsoft Windows 2000 to manually replicate the domain, you receive the following error message:
Additionally, the following actions may produce the corresponding error messages:
- If you try to replicate domain controllers from different domains, you receive the following error message:
- When you use the Net Use command at a command prompt, you receive the following error message:
- When you use the Net Time or the Net View command at a command prompt, you receive the following error message:
- When you run the nltest /sc_query:child.root.com command at a command prompt, you receive the following error message:
CAUSE
This problem may occur when an incorrect configuration of your firewall truncates User Datagram Protocol (UDP) packets as they pass through the firewall.
RESOLUTION
To resolve this problem, modify the registry so that Kerberos uses Transmission Control Protocol (TCP) instead of UDP.
Important If you use UDP for Kerberos, your client computer may stop responding when you receive the following message: Loading your personal settings. By default, Windows 2000 and Microsoft Windows XP use UDP to carry data that fits into packets of less than 2,000 bytes. To carry packets that are greater than 2,000 bytes, Windows 2000 and Windows XP use TCP. You can configure this 2,000
-byte value by modifying a registry value. To do this, follow these steps. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
- Start Registry Editor.
- Locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
Parameters
key does not exist, you can create it now. - On the Edit menu, click Add Value, and then add the following registry value:
Value Name: MaxPacketSize
Data Type: REG_DWORD
Value: any integer value in the range 1 to 2000 (in bytes) - Quit Registry Editor.
- Restart your computer.
For additional information about how to force Kerberos to use TCP, click the following article number to view the article in the Microsoft Knowledge Base:
244474 How to force Kerberos to use TCP instead of UDP
Keywords: kbSecurityServices kbwinservnetwork kbnetwork kbprb KB830077
Technology: kbwin2000Search kbwin2000Serv kbwin2000ServSearch