Hi Readers,

We have recently faced a unique problem in one of SharePoint project, some of the users (18 -30) out of 20000 users are not able to open the particular webapp hosted on SharePoint servers.

We all were scratching our heads that how can this happen ?

When opening the site they were getting error in IE : Page can not be displayed.

On Chrome & Firefox site was opening fine.

We all thought that it was related to some patch but in the end below were the important points that lead to resolution:

1. This webapp was using kerberos for authentication while others were using NTLM.

2. All the affected users have large number of groups assigned to them in AD.

3. As the number of groups increases so is the Kerberos Packet size…( This was the Key)

4. Site opened fine when we directly point users to server (instead of going thru HLB)

5. Kerberos maxtoken size on servers was set to 65535.

6. Users that were having issues , that we analyzed thru wireshack , all have kerberos packet size of more than 40000 bytes.

7. In the end we found that HLB (hardware Load Balancer) was ignoring the packets that were more than 33000 bytes.

8. Changing that setting fixed the issue for all 18 – 30 users.

Hoping this will help others as well , that are in the same situations..

Regard

Sukhija Vikas