Unable to create real-time alerts
KB1623 | Last review: May 29, 2013 | Netwrix Auditor for Active Directory | 7.0 and above
|Symptoms||The first time you create a real-time alert, you see the following errors:
In the Event Viewer System log, you can also find events like this:
|Cause||By default, Kerberos uses connectionless UDP datagram packets. Depending on a variety of factors, including security identifier (SID) history and group membership, some accounts will have larger Kerberos authentication packets. Depending on the network hardware configuration, these larger packets have to be fragmented when going through a network. The problem is caused by fragmentation of these large UDP Kerberos packets: because UDP is a connectionless protocol, fragmented UDP packets will be dropped if they arrive at the destination out of order.
|Resolution||According to the following Microsoft TechNet article, force Kerberos to use TCP instead of UDP. Because TCP is connection-oriented, it is a more reliable means of transport across the network: even if packets are dropped, the server will re-request the missing data packet.
To do this, follow these steps:
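
One way to audit and apply this setting from PowerShell, as an added example that is not part of the original article. It assumes the Microsoft-documented `MaxPacketSize` registry value (a value of 1 forces Kerberos over TCP), which this page does not list; the function names are hypothetical.

```powershell
# Added example: audit and (optionally) set the Kerberos MaxPacketSize value.
# Assumption: MaxPacketSize = 1 makes the Windows Kerberos client use TCP
# for every request (Microsoft-documented value, not quoted on this page).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName = 'MaxPacketSize'

function Get-KerberosMaxPacketSize {
    # Returns the configured DWORD, or $null when the key or value is absent
    # (the system then falls back to its built-in default and may use UDP).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-KerberosForceTcp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $current = Get-KerberosMaxPacketSize
    if ($current -eq 1) {
        Write-Output 'MaxPacketSize is already 1; Kerberos is forced to TCP.'
        return
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD to 1')) {
        # The Parameters key may not exist on a default installation.
        if (-not (Test-Path -Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "MaxPacketSize changed from '$current' to 1. Restart the computer to apply."
    }
}

# Report the current state first, then preview the change.
# Run from an elevated session; remove -WhatIf to write the value.
"Current MaxPacketSize: $(Get-KerberosMaxPacketSize)"
Set-KerberosForceTcp -WhatIf
```

Recording the previous value before the change makes it easy to roll back if another application depends on the default.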