It's all about the answers!

Ask a question

How can you identify and resolve a network timeout in Kerberos authentication for the Rational Team Concert Client?


Erik Mats (105825) | asked Nov 24 '15, 5:40 a.m.
edited Nov 24 '15, 5:41 a.m.
By default Kerberos authentication for Rational Team Concert clients will work on UDP port 88. If that fails it will fail over to TCP port 88. If a firewall does not allow the UDP connection on port 88, or if the Kerberos server has been configured to only allow TCP,



One answer



permanent link
Erik Mats (105825) | answered Nov 24 '15, 5:40 a.m.
If krb5.conf on the server has this setting, then UDP port 88 will not work and the same setting needs to be in the .conf or .ini file on the client:
udp_preference_limit = 1                                               

In order to identify whether this is the problem, capture standard output from the client to a file (eclipse.exe > stdout.log), then check that file for occurrences of "timeout" or "UDP:88". This pattern may emerge:

[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcAccessibility: reset
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcComm send:
kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3,
#bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 1
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =2, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 2
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =3, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 3
[
KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com TCP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcComm send: #bytes read=2926
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcAccessibility: remove
kerberos.example.com

This shows that UDP port 88 was attempted three times before a successful connection was made on TCP port 88.

Your answer


Register or to post your answer.