I had similar problems with one of our remote branch offices. The fix was forcing Kerberos to use TCP only. I had to add the follow key to every windows 2000 machine. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Paramet ers At the Parameters sub-key, Add Value name MaxPacketSize, as a REG_DWORD data type, and set the data value to 1 to prevent UDP from being used. -----Original Message----- From: Linn A. Boyd [mailto:linn@xxxxxxxxxxxxxxxxx]=20 Sent: Friday, March 07, 2003 3:56 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Weird Authentication Issue Background: Windows 2000 Server farm (24 Servers), connected to a Windows 2000 AD infrastructure. These are Terminal Services applications servers, and this is a network authentication issue, we believe. We are a sub domain of a larger forest (much larger). Software Installed: Windows 2000 SP3 all SP's Hotfixes as of 3/7/03 other than IE6.0, DirectX, and Media Player Citrix MetaFrame XP 1.0 FR2 all SP's Hotfixes as of 3/7/03 Office 2000 SR2 IE5.5 fully updated One access application (very rare use) Two custom applications (these have been operating sucessifuly not updated for over two years) One Terminal Emulator Application Problem: Occasionally a server will stop authenticating any type of username/password request within the farm. Then all of the citrix connections are being directed to it, thus taking down the farm because the server does not report a load change back to the citrix farm. This was not seen before the domain was migrated from a Windows NT 4.0 domain structure to an Active Directory Structure. Nothing was changed other than to go to Active Directory. Diagnosis so far: 1. This is not completely a citrix problem as you can't even authenticate to do a runas on the machine. 2. The server will accept a password, and grey the username/password/domain box, but leave that box up indefinitely, after the server hangs it doesn't matter if you try this from the console, a RDP session or an ICA session. 3. Twice we have been logged onto a machine and view what is happening with it. a. You can not FTP to anything to download a file b. You can not do a runas command to run another process. c. When trying to run netdiag.exe everything is normal and passed until the "Gathering NetBT configuration information." section starts and then netdiag.exe hangs until a Ctrl-C is applied. Other interesting facts: 1. This seems to happen only at a high load level and during the day. 2. You can not log into a local administrator account once a machine stops authenticating. 3. It doesn't seem to be a Citrix issue as everything is stopping to authenticate including the console. 4. You can look at all of the Event View logs other than the application log. 5. There are no strange failures within the log files. 6. It requires a hard power cycle to restore the server. 7. All of these servers are identical as far as OS, APPS etc. we image these servers, and we have tried to go to an image that did not have these issues when they are joined to AD we receive them. They are syspreped and the sids changed correctly for this. 8. We segregated some servers out to just serve published applications and have not seen any lockups on these servers.=3D20 Does anyone have any ideas? Has anyone seen this behavior before? ********************************************************* This Week's Sponsor - ThinPrint Simply the best print solution for Citrix Metaframe and Microsoft Terminal Services! http://www.thinprint.com ********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ********************************************************* This Week's Sponsor - ThinPrint Simply the best print solution for Citrix Metaframe and Microsoft Terminal Services! http://www.thinprint.com ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm