You need to configure Vintela Single Signon for Java (VSJ) to use TCP only as you are having issues with UDP packets.
The UDP packet is becoming fragmented and not being passed. You may see messages like the following in the logs
[DefaultKdcResolver] Resolving KDC for realm: YOURDOMAIN.COM
[DefaultKdcResolver] Available KDC found:
YOURDC.YOURDOMAIN.COM/10.10.10.10:88
[DefaultKerberosMessageHandler] Sending message to KDC:
YOURDC.YOURDOMAIN.COM/10.10.10.10:88
[DefaultKerberosMessageHandler] Sending UDP request:
YOURDC.YOURDOMAIN.COM/10.10.10.10:88
[DefaultKerberosMessageHandler] Message send unsuccessful to KDC:
YOURDC.YOURDOMAIN.COM/10.10.10.10:88
You can make VSJ use TCP only by adding the following line to your Apache Tomcat Configuration utility in the Java options tab.
-Djcsi.kerberos.maxpacketsize=0
This specifies the max packet size it will use for UDP before using TCP, the default is 2000. Changing this to 0 will force the use of TCP only. You will need to stop and start this service on the general tab.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center