--- title: Managing domain connectivity settings description: You can change the default security and logging settings for all configured Active Directory domains and Kerberos realms. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_kerberosrealmstasklet_kerberosrealmssettingsstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_kerberosrealmstasklet_kerberosrealmssettingsstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: steps: Steps --- # Managing domain connectivity settings You can change the default security and logging settings for all configured Active Directory domains and Kerberos realms. ## Steps * On the **Manage Domain/Realm Settings** tab, change the default transport protocol, the debug option, the timeout value, and the number of retry attempts. For more information, refer to the following table. | Field | Description | | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Force TCP** | When selected, requires use of the Transmission Control Protocol instead of the default User Datagram Protocol. Use this option when firewall or network configurations require acknowledgment that packets are properly received.+ If you choose this option, you must restart PingFederate after saving the configuration. | | **Debug Log Output** | When selected, sends verbose messages to the PingFederate server log for all interactions with the domain controllers or the Key Distribution Centers (KDCs). | | **AD Domain Controller/Key Distribution Center Timeout (secs)** | The number of seconds that PingFederate waits for a network response from a domain controller or KDC. The default is `3`.+ This value applies to each attempt PingFederate makes to contact the domain controller or KDC. The new timeout takes effect only after you save the configuration and restart PingFederate.. | | **AD Domain Controller/Key Distribution Center Retries** | Specifies the number of times PingFederate tries contacting the domain controller or KDC. The default is `3`. | | **Key Set Retention Period (mins)** | The number of minutes that PingFederate retains the encryption keys associated with the previous password of the Kerberos service account. The allowed range is 0 to 10080 minutes (seven days) and the default value is 610 minutes.PingFederate only retains the key sets associated with previous passwords if you select the **Retain Previous Keys on Password Change** checkbox on the **Manage Domain/Realm** window. For more information, see [Adding Active Directory domains and Kerberos realms](pf_adding_active_directory_domains_kerberos_realms.html). |