TCP: troubles with outgoing tcp/ip after sp1

after installation of w2k3 sp1 i have serious tcp problems.

the problems:
- 3-5% ping loss to *any* non-localhost-ip
- ftp uploads fail if file size is greater than 8kb ("unable to open data
connection" / "data connection timeout")
- outlook express fails to send out smtp mails ("unable to connect to
server")
- vpn connection breaks up every other minute

the setup:
- this is an out-of-the box configuration. the machine has 2 different
interfaces, both having these problems.
- windows firewall is disabled.
- tcp/ip filtering is disabled.
- windows 2000 on same machine works fine!

the workaround:
- packet loss: no clue so far
- sending out mails: when resetting the network interface (i.e.:
disabling/enabling the nic), operation works for a few minutes as it should.

it looks like some problems with the tcp-ip stack here. connecting to the
target socket works, but resulting in a timeout from time to time before any
data is sent.

any pointers how to further test and elaborate the problem is more than
welcome! i've spent hours trying and countless reinstals to solve this
problem without any luck.

would be sad to switch back to w2k ;-(

- thomas

It could be the MTU issue. quoted from http://www.howtonetworking.com/casestudy.htm
Case Study - VPN Connection issues after installed Windows server 2003 SP1

Situation: The client has been experiencing some VPN connection issues after they installed Windows Server 2003 SP1. The main office has T1 line. The branch office uses DSL line and some home users who are using DSL too. They can establish the VPN, but they experience these issues:

1.. The connection may drop in 2 or 3 minutes.
2.. The VPN client may receive "The Network name is no longer available" message when they transfer the data.
3.. The RDC to TS may have black screen.
Resolution: Set my VPN client MTU to 1400.

To modify MTU, please refer to this page, How to change MTU settings for PPP or VPN.

Related Topics

Connectivity issues after ms05-019 and 2003 sp1
Can't access some web sites

Black screen when RDP over VPN
Situation: The client has a site-to-site VPN setup with two Sonicwall firewall. It works fine. He can ping anything on the remote sites and vice versa.

Problem: When he tries to RDP to the server he gets the blank screen and the banner at the top, but the log in window never appears and it eventually times out and says broken network connection.

Troubleshooting: Since this is DSL line, we suspect this is MTU issue. So, we use this commend "ping -l 1500 -f IP address" to test it. We receive "Packet needs to be fragmented but DF set" and "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)". That confirms that is MTU issues.

Resolution: Use the ping to test and lower MTU. Finally, We reduce MTU from 1500 to 1400 in the SonicWall. Then he can use RDC over VPN.

Related Topics

How to change MTU
Connectivity issues after ms05-019 and 2003 sp1
Troubleshooting terminal server issues
VPN drop connection
VPN slow issues


Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"Thomas" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
after installation of w2k3 sp1 i have serious tcp problems.

the problems:
- 3-5% ping loss to *any* non-localhost-ip
- ftp uploads fail if file size is greater than 8kb ("unable to open data
connection" / "data connection timeout")
- outlook express fails to send out smtp mails ("unable to connect to
server")
- vpn connection breaks up every other minute

the setup:
- this is an out-of-the box configuration. the machine has 2 different
interfaces, both having these problems.
- windows firewall is disabled.
- tcp/ip filtering is disabled.
- windows 2000 on same machine works fine!

the workaround:
- packet loss: no clue so far
- sending out mails: when resetting the network interface (i.e.:
disabling/enabling the nic), operation works for a few minutes as it should.

it looks like some problems with the tcp-ip stack here. connecting to the
target socket works, but resulting in a timeout from time to time before any
data is sent.

any pointers how to further test and elaborate the problem is more than
welcome! i've spent hours trying and countless reinstals to solve this
problem without any luck.

would be sad to switch back to w2k ;-(

- thomas

cheers robert

this fixed my problems partially. indeed the max. MTU size my router(s) can
use is 1372. setting the MTU value for PPP and VPN cured the packetloss.

unfortunately, this didn't cure the ftp / mail / news upload problems:

[23:17:24] PORT 192,168,2,141,8,171
[23:17:24] 200 Port command successful.
[23:17:24] Opening data connection IP: 192.168.2.141 PORT: 2219.
[23:17:24] STOR id.jpg
[23:17:24] 150 Opening data connection for id.jpg.
[23:17:24] 2368 bytes sent successfully. (2.31 KB/s) (00:00:01).
[23:17:54] No response received from server. Timeout (30s).
[23:17:54] Connection closed.

while the ftp tool (here: smartftp, but same behaviour in comand line ftp)
thinks the 2368 bytes were sent successfully, the target server never got
any bits and bytes (id.jpg got size of 0 bytes on server). the 2368bytes
thus are put into the tcpip buffer where it *should* be sent by winsocks.
the application itself isn't even notified of any sending errors. only 30s
(after timeout waiting for server response) its socket is closed.

the interesting part: once the upload failed, a 2nd upload after the
connection timeout is most the time successfull. i got no clue, but i would
describe the problem as something like "delayed outbound socket creation"
:-)

this behaviour somewhat describe the same problems as discussed here:
http://www.microsoft.com/technet/com...=en-us&m=1&p=1
unfortunately, KB893066 cannot be uninstalled in a slipstreamed w2k3 sp1...
and of course uninstalling an important hotfix is the least you want to do
anyway. but still better than not being able to use your windows
installation for your work...

- thomas


"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
It could be the MTU issue. quoted from
http://www.howtonetworking.com/casestudy.htm
Case Study - VPN Connection issues after installed Windows server 2003 SP1
Situation: The client has been experiencing some VPN connection issues after
they installed Windows Server 2003 SP1. The main office has T1 line. The
branch office uses DSL line and some home users who are using DSL too. They
can establish the VPN, but they experience these issues:
The connection may drop in 2 or 3 minutes.
The VPN client may receive "The Network name is no longer available" message
when they transfer the data.
The RDC to TS may have black screen.
Resolution: Set my VPN client MTU to 1400.
To modify MTU, please refer to this page, How to change MTU settings for
PPP or VPN.
Related Topics
Connectivity issues after ms05-019 and 2003 sp1
Can't access some web sites
Black screen when RDP over VPN
Situation: The client has a site-to-site VPN setup with two Sonicwall
firewall. It works fine. He can ping anything on the remote sites and vice
versa.
Problem: When he tries to RDP to the server he gets the blank screen and the
banner at the top, but the log in window never appears and it eventually
times out and says broken network connection.
Troubleshooting: Since this is DSL line, we suspect this is MTU issue. So,
we use this commend "ping -l 1500 -f IP address" to test it. We receive
"Packet needs to be fragmented but DF set" and "Packets: Sent = 4, Received
= 0, Lost = 4 (100% loss)". That confirms that is MTU issues.

Resolution: Use the ping to test and lower MTU. Finally, We reduce MTU from
1500 to 1400 in the SonicWall. Then he can use RDC over VPN.
Related Topics
How to change MTU
Connectivity issues after ms05-019 and 2003 sp1
Troubleshooting terminal server issues
VPN drop connection
VPN slow issues

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on
http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
"Thomas" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
after installation of w2k3 sp1 i have serious tcp problems.

the problems:
- 3-5% ping loss to *any* non-localhost-ip
- ftp uploads fail if file size is greater than 8kb ("unable to open data
connection" / "data connection timeout")
- outlook express fails to send out smtp mails ("unable to connect to
server")
- vpn connection breaks up every other minute

the setup:
- this is an out-of-the box configuration. the machine has 2 different
interfaces, both having these problems.
- windows firewall is disabled.
- tcp/ip filtering is disabled.
- windows 2000 on same machine works fine!

the workaround:
- packet loss: no clue so far
- sending out mails: when resetting the network interface (i.e.:
disabling/enabling the nic), operation works for a few minutes as it should.

it looks like some problems with the tcp-ip stack here. connecting to the
target socket works, but resulting in a timeout from time to time before any
data is sent.

any pointers how to further test and elaborate the problem is more than
welcome! i've spent hours trying and countless reinstals to solve this
problem without any luck.

would be sad to switch back to w2k ;-(

- thomas

i'm sorry to inform you changing the MTU didn't help at all. the problem
seems to be accumulating over time.
the longer the server runs, the more paket loss, the more vpn disconnects,
the worse smtp mailing gets ;-(

- thomas


"Thomas" <(E-Mail Removed)> wrote in message
news:eyBJfc$(E-Mail Removed)...
> cheers robert
>
> this fixed my problems partially. indeed the max. MTU size my router(s)
> can use is 1372. setting the MTU value for PPP and VPN cured the
> packetloss.
>
> unfortunately, this didn't cure the ftp / mail / news upload problems:
>
> [23:17:24] PORT 192,168,2,141,8,171
> [23:17:24] 200 Port command successful.
> [23:17:24] Opening data connection IP: 192.168.2.141 PORT: 2219.
> [23:17:24] STOR id.jpg
> [23:17:24] 150 Opening data connection for id.jpg.
> [23:17:24] 2368 bytes sent successfully. (2.31 KB/s) (00:00:01).
> [23:17:54] No response received from server. Timeout (30s).
> [23:17:54] Connection closed.
>
> while the ftp tool (here: smartftp, but same behaviour in comand line ftp)
> thinks the 2368 bytes were sent successfully, the target server never got
> any bits and bytes (id.jpg got size of 0 bytes on server). the 2368bytes
> thus are put into the tcpip buffer where it *should* be sent by winsocks.
> the application itself isn't even notified of any sending errors. only 30s
> (after timeout waiting for server response) its socket is closed.
>
> the interesting part: once the upload failed, a 2nd upload after the
> connection timeout is most the time successfull. i got no clue, but i
> would describe the problem as something like "delayed outbound socket
> creation" :-)
>
> this behaviour somewhat describe the same problems as discussed here:
> http://www.microsoft.com/technet/com...=en-us&m=1&p=1
> unfortunately, KB893066 cannot be uninstalled in a slipstreamed w2k3
> sp1... and of course uninstalling an important hotfix is the least you
> want to do anyway. but still better than not being able to use your
> windows installation for your work...
>
> - thomas
>
>
> "Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> It could be the MTU issue. quoted from
> http://www.howtonetworking.com/casestudy.htm
> Case Study - VPN Connection issues after installed Windows server 2003 SP1
> Situation: The client has been experiencing some VPN connection issues
> after they installed Windows Server 2003 SP1. The main office has T1 line.
> The branch office uses DSL line and some home users who are using DSL too.
> They can establish the VPN, but they experience these issues:
> The connection may drop in 2 or 3 minutes.
> The VPN client may receive "The Network name is no longer available"
> message when they transfer the data.
> The RDC to TS may have black screen.
> Resolution: Set my VPN client MTU to 1400.
> To modify MTU, please refer to this page, How to change MTU settings for
> PPP or VPN.
> Related Topics
> Connectivity issues after ms05-019 and 2003 sp1
> Can't access some web sites
> Black screen when RDP over VPN
> Situation: The client has a site-to-site VPN setup with two Sonicwall
> firewall. It works fine. He can ping anything on the remote sites and vice
> versa.
> Problem: When he tries to RDP to the server he gets the blank screen and
> the banner at the top, but the log in window never appears and it
> eventually times out and says broken network connection.
> Troubleshooting: Since this is DSL line, we suspect this is MTU issue. So,
> we use this commend "ping -l 1500 -f IP address" to test it. We receive
> "Packet needs to be fragmented but DF set" and "Packets: Sent = 4,
> Received = 0, Lost = 4 (100% loss)". That confirms that is MTU issues.
>
> Resolution: Use the ping to test and lower MTU. Finally, We reduce MTU
> from 1500 to 1400 in the SonicWall. Then he can use RDC over VPN.
> Related Topics
> How to change MTU
> Connectivity issues after ms05-019 and 2003 sp1
> Troubleshooting terminal server issues
> VPN drop connection
> VPN slow issues
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
> help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> How to Setup Windows, Network, Remote Access on
> http://www.HowToNetworking.com
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
> "Thomas" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> after installation of w2k3 sp1 i have serious tcp problems.
>
> the problems:
> - 3-5% ping loss to *any* non-localhost-ip
> - ftp uploads fail if file size is greater than 8kb ("unable to open data
> connection" / "data connection timeout")
> - outlook express fails to send out smtp mails ("unable to connect to
> server")
> - vpn connection breaks up every other minute
>
> the setup:
> - this is an out-of-the box configuration. the machine has 2 different
> interfaces, both having these problems.
> - windows firewall is disabled.
> - tcp/ip filtering is disabled.
> - windows 2000 on same machine works fine!
>
> the workaround:
> - packet loss: no clue so far
> - sending out mails: when resetting the network interface (i.e.:
> disabling/enabling the nic), operation works for a few minutes as it
> should.
>
> it looks like some problems with the tcp-ip stack here. connecting to the
> target socket works, but resulting in a timeout from time to time before
> any
> data is sent.
>
> any pointers how to further test and elaborate the problem is more than
> welcome! i've spent hours trying and countless reinstals to solve this
> problem without any luck.
>
> would be sad to switch back to w2k ;-(
>
> - thomas
>

I am seeing a similar problem - we have an enterprise app (Blackboard) that
is running on a new install of Win2K3 SP1. This app tries to connect to our
SMTP server to send mails. The Win2K3 server cannot connect to our SMTP
server on TCP 25.

A packet capture shows no attempt - nothing. I can ping the SMTP server
with no trouble, can do a standard telnet to other machines. Just can't
make an SMTP connection.

The only thing between the servers is a Cisco switch - no firewall, no
routers. I can't even telnet from my Windows server to the SMTP server on
port 25 with any success (from a command line).

Blake

"Thomas" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> after installation of w2k3 sp1 i have serious tcp problems.
>
> the problems:
> - 3-5% ping loss to *any* non-localhost-ip
> - ftp uploads fail if file size is greater than 8kb ("unable to open data
> connection" / "data connection timeout")
> - outlook express fails to send out smtp mails ("unable to connect to
> server")
> - vpn connection breaks up every other minute
>
> the setup:
> - this is an out-of-the box configuration. the machine has 2 different
> interfaces, both having these problems.
> - windows firewall is disabled.
> - tcp/ip filtering is disabled.
> - windows 2000 on same machine works fine!
>
> the workaround:
> - packet loss: no clue so far
> - sending out mails: when resetting the network interface (i.e.:
> disabling/enabling the nic), operation works for a few minutes as it
> should.
>
> it looks like some problems with the tcp-ip stack here. connecting to the
> target socket works, but resulting in a timeout from time to time before
> any data is sent.
>
> any pointers how to further test and elaborate the problem is more than
> welcome! i've spent hours trying and countless reinstals to solve this
> problem without any luck.
>
> would be sad to switch back to w2k ;-(
>
> - thomas
>

Hi there.

I recently had the same trouble on our network and came within a week
of losing my job. Whenever I would hack registries and lower my MTU,
things began to work. But as it turns out, the entire problem was due
to a Windows 2000 Server automatic update. This update was also given
for XP, and Win2k3 Server. The update was a reinstall of the TCP/IP
stack files in order to seal a security hole. That update broke our
entire network. It was because of devices with differing MTUs and a
LAN/WAN environment according to the MS KB article. To us, the problem
surfaced as RDP/Terminal Services just giving a black screen, SQL
Database replications and DTS packages failing, Active Directory
replication failing, email failures, and other weirdnesses. The url to
the Windows knowledge base article is here if it will help you:
"http://support.microsoft.com/kb/898060/?" - but again, I can't be
responsible for what you do, blah blah blah, cover my butt, etc. If it
saves you from any more heart-ache and late night caffeine binges, I'll
be glad to have been of service.

Thanks,
-Isaac Morton
(E-Mail Removed)

yeah, we has troubles with sp1 installed on w2k3ee where an exchange
server working.
clients from ipsec-secured subnets unable to recieve or send mail through
exchange.
solution with mtu changin' from kb898069 works, and we have _not_ any
other troubles... but we have 2000 native domain...
that thing stop us from moving to 2k3 at this time.

On Thu, 02 Jun 2005 19:47:24 +0400, Isaac <(E-Mail Removed)> wrote:

> Hi there.
>
> I recently had the same trouble on our network and came within a week
> of losing my job. Whenever I would hack registries and lower my MTU,
> things began to work. But as it turns out, the entire problem was due
> to a Windows 2000 Server automatic update. This update was also given
> for XP, and Win2k3 Server. The update was a reinstall of the TCP/IP
> stack files in order to seal a security hole. That update broke our
> entire network. It was because of devices with differing MTUs and a
> LAN/WAN environment according to the MS KB article. To us, the problem
> surfaced as RDP/Terminal Services just giving a black screen, SQL
> Database replications and DTS packages failing, Active Directory
> replication failing, email failures, and other weirdnesses. The url to
> the Windows knowledge base article is here if it will help you:
> "http://support.microsoft.com/kb/898060/?" - but again, I can't be
> responsible for what you do, blah blah blah, cover my butt, etc. If it
> saves you from any more heart-ache and late night caffeine binges, I'll
> be glad to have been of service.
>
> Thanks,
> -Isaac Morton
> (E-Mail Removed)
>



--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/