I saw this on a site once and it was down to the MTU wherein for some reason one of the devices/switch did not like having a high MTU so it fragmented the packets and the XG didn't like it and canned them. Everything else was fine and you could RDP, Ping and pretty much most things but Domain stuff just wasn't having it due to LDAP and Kerberos issues because of the MTU.
Quote