I have to keep this short its getting late but these kerberos errors will not appear in the event log until after you enable verbose logging (LogLevel) by modifying the registry.

 

0xC KDC_ERR_BADOPTION  KDC cannot accommodate requested option.

0x34  KRB_ERR_RESPONSE_TOO_BIG  Response too big for UDP, retry with TCP.

 

The first error only occurs on login to the host or server using mstsc or the console, this makes since I didnt SetSPN for the host. The second occurs during the http request on login to SharePoint and is reolved by modifying the registry to use TCP instead of UDP (MaxPacketSize)...

 

Registry changes to turn on verbose logging (Loglevel) and to change from UDP to TCP (MaxPacketSize) can be found @ http://207.46.196.114/windowsserver/en/library/b36b8071-3cc5-46fa-be13-280aa43f2fd21033.mspx?mfr=true 

 

The only issue that I have found if you do not change UDP to TCP (MaxPacketSize) is that Excel Services will not refresh external data sources. However, i am sure I havent tested every possible scenario. This is duen to, according to Microsoft the number of security groups a user may be a member. However, in testing the number of security groups did not matter.

 

 Unless you enable verbose kerberos logging (LogLevel) you will only see the kerberos success events.. in the event log, pretty cool huh, lol... Good Night......

 

-Ivan