How to force Kerberos over TCP

Did you know that Kerberos uses UDP by default?
Did you know that the max size of a datagram packet for Windows 2003 is 1465 bytes?
Did you know that the max size of a datagram packet for Windows XP and 2000 is 2000 bytes?

Why is this relavent you ask?

Simple. If you are using the default settings for Kerberos authentication (the default for internal OCS connections) and you are a member of a lot of AD groups, then your Kerberos ticket may be too big for UDP and will be rejected by the server because it was truncated.

http://support.microsoft.com/default.aspx/kb/244474

How to force Kerberos to use TCP instead of UDP

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters
Note If the Parameters key does not exist, create it now.
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type MaxPacketSize, and then press ENTER.
5. Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.
6. Quit Registry Editor.
7. Restart your computer.