Windows 2003/2008 and registry node tweaks for Tcpip\Parameters

Hi there,

In some of our Windows 2003 builds we tweaked a number of registry values
(for performance/security/etc reasons) under the key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters]. The
specific ones we added were,

DisableIPSourceRouting
EnablePMTUDiscovery
KeepAliveTime
TcpMaxDataRetransmissions
TcpTimedWaitDelay
EnableDeadGWDetect
SynAttackProtect
TcpMaxConnectResponsereTransmissions
MaxFreeTcbs
MaxHashTableSize
MaxUserPort
TcpMaxDupAcks
EnableSecurityFilters
SackOpts
TcpWindowSize

We are moving to using Windows 2008 builds and have been evaluating these
tweaks to see,

1. Do we still need them?
2. Are they supported in Windows 2008?

So during this process we have reviewed the following document titled
"TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008"
downloadable from
"http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/TCPIP_Reg.doc".

In this document we can see that the following values are still supported in
that registry node,

DisableIPSourceRouting
EnablePMTUDiscovery
KeepAliveTime
TcpMaxDataRetransmissions
TcpTimedWaitDelay

However the others (listed below) are not mentioned in the document and its
proving to be difficult to find an equalvilent registry value or other
setting under Windows 2008,

EnableDeadGWDetect
SynAttackProtect
TcpMaxConnectResponsereTransmissions
MaxFreeTcbs
MaxHashTableSize
MaxUserPort
TcpMaxDupAcks
EnableSecurityFilters
SackOpts

We have found out that one of the settings (listed below) is no longer
needed in Vista and Windows 2008, we just need to find answers for the others.

TcpWindowSize (no longer needed)

URL = http://technet.microsoft.com/en-nz/m...19(en-us).aspx
EXTRACT = To optimize TCP throughput, especially for transmission paths with
a high BDP, the Next Generation TCP/IP stack in Windows Vista and Windows
Server 2008) supports Receive Window Auto-Tuning....etc....and IT
administrators no longer need to manually configure a TCP receive window size
for specific computers.

If anyone can advise a support document listing these or help shed some
light on ways to achieve the same setting under Windows 2008 we would be
interested in hearing about them...thanks,

Matt Duguid

Hi Matt,

We're going through the same motions here, so I'm looking forward to an
answer from MS on the topic.

I have found a reference to the use of MaxUserPort on Windows Server 2008 in
a recent Microsoft security bulletin.

"In Windows Server 2008 or Windows Vista, the value of the MaxUserPort
registry entry signifies the number of dynamic ports. The range is from Start
range (default is 49152) to Start range + MaxUserPort"

Check out the following for more info:
http://support.microsoft.com/kb/953230
http://support.microsoft.com/kb/929851

-Søren Kristensen


"Matt Duguid" wrote:

> Hi there,
>
> In some of our Windows 2003 builds we tweaked a number of registry values
> (for performance/security/etc reasons) under the key
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters]. The
> specific ones we added were,
>
> DisableIPSourceRouting
> EnablePMTUDiscovery
> KeepAliveTime
> TcpMaxDataRetransmissions
> TcpTimedWaitDelay
> EnableDeadGWDetect
> SynAttackProtect
> TcpMaxConnectResponsereTransmissions
> MaxFreeTcbs
> MaxHashTableSize
> MaxUserPort
> TcpMaxDupAcks
> EnableSecurityFilters
> SackOpts
> TcpWindowSize
>
> We are moving to using Windows 2008 builds and have been evaluating these
> tweaks to see,
>
> 1. Do we still need them?
> 2. Are they supported in Windows 2008?
>
> So during this process we have reviewed the following document titled
> "TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008"
> downloadable from
> "http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/TCPIP_Reg.doc".
>
> In this document we can see that the following values are still supported in
> that registry node,
>
> DisableIPSourceRouting
> EnablePMTUDiscovery
> KeepAliveTime
> TcpMaxDataRetransmissions
> TcpTimedWaitDelay
>
> However the others (listed below) are not mentioned in the document and its
> proving to be difficult to find an equalvilent registry value or other
> setting under Windows 2008,
>
> EnableDeadGWDetect
> SynAttackProtect
> TcpMaxConnectResponsereTransmissions
> MaxFreeTcbs
> MaxHashTableSize
> MaxUserPort
> TcpMaxDupAcks
> EnableSecurityFilters
> SackOpts
>
> We have found out that one of the settings (listed below) is no longer
> needed in Vista and Windows 2008, we just need to find answers for the others.
>
> TcpWindowSize (no longer needed)
>
> URL = http://technet.microsoft.com/en-nz/m...19(en-us).aspx
> EXTRACT = To optimize TCP throughput, especially for transmission paths with
> a high BDP, the Next Generation TCP/IP stack in Windows Vista and Windows
> Server 2008) supports Receive Window Auto-Tuning....etc....and IT
> administrators no longer need to manually configure a TCP receive window size
> for specific computers.
>
> If anyone can advise a support document listing these or help shed some
> light on ways to achieve the same setting under Windows 2008 we would be
> interested in hearing about them...thanks,
>
> Matt Duguid

Im using both Windows Server 2003 and Windows Server 2008. In Windows Server
2003 ephemeral ports set by the admin can be easily identify by using the
the Registry values.In Windows Server 2003 , Epemeral lower range is 1024 and
it cannot be changed by the administrator. But in Windows Server 2008 the
Ephemeral range , both the lower end and the higher end can be changed by
the administrator(e.g.netsh int ipv4 set dynamicport tcp start=10000
num=1000). Here i'm not
talking about the default port range for the windows server 2008.
So My application need to identify the ehemeral port range defined by the
administrator in WS2008. So What are the relevent Registry keys to identify
lower end and the higher end in Windows Server 2008.?

"Jhon" <(E-Mail Removed)> wrote in message
news:CEC21B8D-6853-4C6F-A4CB-(E-Mail Removed)...
> Im using both Windows Server 2003 and Windows Server 2008. In Windows
> Server
> 2003 ephemeral ports set by the admin can be easily identify by using the
> the Registry values.In Windows Server 2003 , Epemeral lower range is 1024
> and
> it cannot be changed by the administrator. But in Windows Server 2008 the
> Ephemeral range , both the lower end and the higher end can be changed by
> the administrator(e.g.netsh int ipv4 set dynamicport tcp start=10000
> num=1000). Here i'm not
> talking about the default port range for the windows server 2008.
> So My application need to identify the ehemeral port range defined by the
> administrator in WS2008. So What are the relevent Registry keys to
> identify
> lower end and the higher end in Windows Server 2008.?
>

I know the one is MaxUserPort, but not sure of the low end. I would test and
monitor trying "LowUserPort" or "MinUserPort." But whether you know the low
end key or not, you can set it with the netsh command. See this for more
info:

Quoted: "To comply with Internet Assigned Numbers Authority (IANA)
recommendations, Microsoft has increased the dynamic client port range for
outgoing connections in Windows Vista and in Windows Server 2008. The new
default start port is 49152, and the default end port is 65535. This is a
change from the configuration of earlier versions of Microsoft Windows that
used a default port range of 1025 through 5000."

The default dynamic port range for TCP/IP has changed in Windows Vista and
in Windows Server 2008
http://support.microsoft.com/?kbid=929851


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Enter into an artificial quantum singularity lined with fermions and
neutrino scatterings depicted by electrons smashing into protons and
neutrons like billiard balls moving at warp 9 exposing quarks, mesons and
baryons, the essentials of their existence, that are spinning off in half
scatters. You have now entered the Twilight Zone.