A possible answer.... The issue is with Kerberos authentication using UDP. The packets for UDP are of such a size that they have to be fragmented when sending them through the VPN. If the packets are received out of order, the packets will be dropped. This leads to not being authenticated to the Active Directory and means that you will be denied access to your mailbox. The many factors that created this are user factors and equipment at the location. Hotel or public wifi equipment could have any number of things that slow transfers or add to packet size including other tunnels that the traffic uses within its own network. Also various factors for the user including SID history, group membership and other factors can result in having larger Kerberos authentication packet sizes. The solution is a simple registry change to force Kerberos to use TCP instead of UDP in Windows. It requires a change or additional key and then a reboot. 1. Start Registry Editor. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters Note If the Parameters key does not exist, create it now. 3. On the Edit menu, point to New, and then click DWORD Value. 4. Type MaxPacketSize, and then press ENTER. 5. Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK. 6. Quit Registry Editor. 7. Restart your computer. The full article can be found here. http://support.microsoft.com/kb/244474
... View more