RFC 1510 dictates that a client should contact the Key Distribution Center (KDC) with a UDP datagram to port 88 at the KDC's Ip address. This may result in:

<b>Event Log Error 5719
Source NETLOGON

No Windows NT or Windows 2000 Domain Controller is available for domain Domain.
The following error occurred: There are currently no logon servers available to service the logon request.</b>
If you run Netdiag, you receive:
<b>DC list test . . . . . . . . . . . : Failed \[WARNING\] Cannot call DsBind to COMPUTERNAMEDC.domain.com (159.140.176.32).
                                     \[ERROR_DOMAIN_CONTROLLER_NOT_FOUND\]
Kerberos test. . . . . . . . . . . : Failed \[FATAL\] Kerberos does not have a ticket for MEMBERSERVER$.\]</b>
If the data can be fit in packets that are less than 2,000 bytes, Windows 2000 uses UDP, otherwise it uses TCP. You can alter the behavior:

1. Use Regedt32 to navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters.

NOTE:: You may have to Add the Parameters sub-key.

2. At the Parameters sub-key, Add Value name MaxPacketSize, as a REG_DWORD data type, and set the data value to any Decimal number between 1 and 2000. To prevent UDP from being used, set it to 1.