I write in sections ;-)

3.7 SP2D (?) (all released patches are installed, but no
beta-patches)(I'm not the BM'Admin)
XP SP1 Ger., 4.83 SPx (later), CLNTRUST 1.4 (04/16/2002),
now: CLNTRUST 1.5 (09/05/2003)
XP 4.82Spx with IP only
"SSO-Timeout" on BM: 60 sec.
No Replicas of eDir on the BM (not possible to put all rep's
on the BM, NDS to big and to many partitions...)
DS.NLM: Ver 10350.23.17 on all servers

After rollout of 4.83SP2 on XP, clntrust SSO "timeout" after
60sec. and users get "the SSL Login-Screen".

XP with 4.83SP1 & CLNTRUST 1.4 need 42sec. to get an AUTH
with the BM-Server and the user was able to "go into the
Not perfect, but the users respect this...

Installed 4.83SP2 on the XP-Machines

XP-Machines are not able to AUTH to the BM with CLNTRUST 1.4
Load CLNTRUST 1.5 on XP-Machines, and the machines are at
50% able to pass AUTH with SSO to the BM

Actual Situation:
XP-Machines are able to AUTH within 2Secs (!) to the BM and
pass the proxy to the internet, BUT ONLY on 50%.
At the other 50% rate CLNTRUST fail to AUTH to the BM and
the user gets the SSL-Screen after 60Secs (which the user
don't understand and he close the IE and make a service
call..., it will work if the user AUTH manually to the

A trace on the failed process shows:
After the BM sends the UPD-packet to 3024 on the client
Client responce with one packet to 3024 on server
then: client sends a TCP-packet to 524 on BM
BUT in failed situation the responce to this packet (D=524)
from BM "will not arrive on the client".

What should I do?
Is anyone here who will take a look at my trace(s). (Good
and/or Bad)?

Sorry for the lenght, but I'm not able to descibe this
problem in a shorter way...
Thank You for reading to this point ;-)

Regards - Frank