KCD: KRB_ERR_RESPONSE_TOO_BIG: Response too big for UDP (Token Error)

Error:

Error A: 0x34 - KRB_ERR_RESPONSE_TOO_BIG: Response too big for UDP (Token Error).

This is observed in both same domain and cross domain KCD configurations. 

 

Cause:

If the kerberos token retrieved from the KDC of the Domain Controller is too large, you will receive this error. It can be confirmed in the Wireshark trace.

 

Resolution:

1. Start regedit on the SEG server.
2. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters.
3. Create a Dword called MaxPacketSize.
4. Change the value of the Dword to 1.

The images below display how to change it within the registry.

11.png

 

12.png

Have more questions? Submit a request

0 Comments

Article is closed for comments.