It's all about the answers!

Ask a question

How can you identify and resolve a network timeout in Kerberos authentication for the Rational Team Concert Client?


Erik Mats (10511125) | asked Nov 24 '15, 5:40 a.m.
edited Nov 24 '15, 5:41 a.m.
By default Kerberos authentication for Rational Team Concert clients will work on UDP port 88. If that fails it will fail over to TCP port 88. If a firewall does not allow the UDP connection on port 88, or if the Kerberos server has been configured to only allow TCP,



One answer



permanent link
Erik Mats (10511125) | answered Nov 24 '15, 5:40 a.m.
If krb5.conf on the server has this setting, then UDP port 88 will not work and the same setting needs to be in the .conf or .ini file on the client:
udp_preference_limit = 1                                               

In order to identify whether this is the problem, capture standard output from the client to a file (eclipse.exe > stdout.log), then check that file for occurrences of "timeout" or "UDP:88". This pattern may emerge:

[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcAccessibility: reset
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcComm send:
kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3,
#bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 1
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =2, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 2
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =3, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   IOException with attempt: 3
[
KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcCommunication:
kdc=kerberos.example.com TCP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcComm send: #bytes read=2926
[KRB_DBG_KDC] KdcComm:Worker-0:   >>> KdcAccessibility: remove
kerberos.example.com

This shows that UDP port 88 was attempted three times before a successful connection was made on TCP port 88.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.