If the 1st KDC times out, we are not moving over to the next KDC in a timely fashion. UDP never seems to be an option because most KDCs return the ‘error Message is Response too big for UDP, retry with TCP’ message – which is forcing TCP. Changing the max_retries setting does not apply so I cannot reduce the retries – even still – 3.5 min is not an acceptable timeout.
This appears to be addressed in Java 1. (see http://bugs.sun.com/view_bug.do?bug_id=6952519). However, is this addressed in any recent or upcoming Java 1.6 patches?