Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Kerberos Error KRB5KRB_ERR_RESPONSE_TOO_BIG in packet capture





How to get past Kerberos Error KRB5KRB_ERR_RESPONSE_TOO_BIG in packet capture.


Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

Kerberos authentication is not working and the error shown when taking a packet capture is KRB5KRB_ERR_RESPONSE_TOO_BIG

Steps to Reproduce:  
Defect Number:  
Enhancement Number:  
Cause: There is a maximum UDP packet size in TGS_REP and Authentication Service Replies (AS_REP) messages. If the packet size exceeds this value, the KDC returns a "KRB_ERR_RESPONSE_TOO_BIG" message that requests that the client switches to TCP.
Resolution: You can change MaxPacketSize to 1 to force the clients to use Kerberos traffic over TCP. To do this, follow these steps:
  1. Start Registry Editor.
  2. Locate and then click the registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.
    Note: If the Parameters key does not exist, create it now.
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type MaxPacketSize, and then press ENTER.
  5. Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.
  6. Quit Registry Editor.
  7. Restart your computer.

Was this article helpful?
0 out of 0 found this helpful