Been a bit since I played with this but I seem to recall it is the CLIENT that gets the reg change.
RE: #3, did you troubleshoot where the packets were being dropped at? Most likely there was a misconfigured or failing network device somewhere along the line. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olivarez, Sergio J Mr CTNOSC/GD-NS Sent: Wednesday, April 26, 2006 5:21 PM To: [email protected] Subject: RE: [ActiveDir] Forcing Kerberos to use TCP instead of UDP 1)In my experience, yes all dc's. 2)None that I can think of. Might want to do this to clients that are having to authenticate over VPN conn. 3)In my case, when the Kerberos was allowed over UDP it caused many issues. When it was forced over TCP all problems were resolved. 4)Yes, IPSEC over WAN connections. 5)Haven't heard any complains. Read the following article by Joe, it makes some good points about it - http://www.mail-archive.com/[email protected]/msg40624.html -Sergio -----Original Message----- From: Danny [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 26, 2006 1:44 PM To: [email protected] Subject: Re: [ActiveDir] Forcing Kerberos to use TCP instead of UDP On 4/26/06, Olivarez, Sergio J Mr CTNOSC/GD-NS wrote: > Many times! What is your concern? 1) Does this change need to be made to all DC's? 2) What changes need to be made to clients and/or GPO's? 3) Will this have a short (or long) term negative impact to operations? 4) Has this been a solution for you with broken AD trusts between site to site VPN connections? 5) Is there any affect on over network traffic? Thanks, ...D List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
