TCP: troubles with outgoing tcp/ip after sp1

Discussion in 'Windows Networking' started by Thomas, May 18, 2005.

  1. Thomas

    Thomas Guest

    after installation of w2k3 sp1 i have serious tcp problems.

    the problems:
    - 3-5% ping loss to *any* non-localhost-ip
    - ftp uploads fail if file size is greater than 8kb ("unable to open data
    connection" / "data connection timeout")
    - outlook express fails to send out smtp mails ("unable to connect to
    server")
    - vpn connection breaks up every other minute

    the setup:
    - this is an out-of-the box configuration. the machine has 2 different
    interfaces, both having these problems.
    - windows firewall is disabled.
    - tcp/ip filtering is disabled.
    - windows 2000 on same machine works fine!

    the workaround:
    - packet loss: no clue so far
    - sending out mails: when resetting the network interface (i.e.:
    disabling/enabling the nic), operation works for a few minutes as it should.

    it looks like some problems with the tcp-ip stack here. connecting to the
    target socket works, but resulting in a timeout from time to time before any
    data is sent.

    any pointers how to further test and elaborate the problem is more than
    welcome! i've spent hours trying and countless reinstals to solve this
    problem without any luck.

    would be sad to switch back to w2k ;-(

    - thomas
     
    Thomas, May 18, 2005
    #1
    1. Advertisements

  2. It could be the MTU issue. quoted from http://www.howtonetworking.com/casestudy.htm
    Case Study - VPN Connection issues after installed Windows server 2003 SP1

    Situation: The client has been experiencing some VPN connection issues after they installed Windows Server 2003 SP1. The main office has T1 line. The branch office uses DSL line and some home users who are using DSL too. They can establish the VPN, but they experience these issues:

    1.. The connection may drop in 2 or 3 minutes.
    2.. The VPN client may receive "The Network name is no longer available" message when they transfer the data.
    3.. The RDC to TS may have black screen.
    Resolution: Set my VPN client MTU to 1400.

    To modify MTU, please refer to this page, How to change MTU settings for PPP or VPN.

    Related Topics

    Connectivity issues after ms05-019 and 2003 sp1
    Can't access some web sites

    Black screen when RDP over VPN
    Situation: The client has a site-to-site VPN setup with two Sonicwall firewall. It works fine. He can ping anything on the remote sites and vice versa.

    Problem: When he tries to RDP to the server he gets the blank screen and the banner at the top, but the log in window never appears and it eventually times out and says broken network connection.

    Troubleshooting: Since this is DSL line, we suspect this is MTU issue. So, we use this commend "ping -l 1500 -f IP address" to test it. We receive "Packet needs to be fragmented but DF set" and "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)". That confirms that is MTU issues.

    Resolution: Use the ping to test and lower MTU. Finally, We reduce MTU from 1500 to 1400 in the SonicWall. Then he can use RDC over VPN.

    Related Topics

    How to change MTU
    Connectivity issues after ms05-019 and 2003 sp1
    Troubleshooting terminal server issues
    VPN drop connection
    VPN slow issues


    Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help.

    Bob Lin, MS-MVP, MCSE & CNE
    How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
    Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
    This posting is provided "AS IS" with no warranties.

    after installation of w2k3 sp1 i have serious tcp problems.

    the problems:
    - 3-5% ping loss to *any* non-localhost-ip
    - ftp uploads fail if file size is greater than 8kb ("unable to open data
    connection" / "data connection timeout")
    - outlook express fails to send out smtp mails ("unable to connect to
    server")
    - vpn connection breaks up every other minute

    the setup:
    - this is an out-of-the box configuration. the machine has 2 different
    interfaces, both having these problems.
    - windows firewall is disabled.
    - tcp/ip filtering is disabled.
    - windows 2000 on same machine works fine!

    the workaround:
    - packet loss: no clue so far
    - sending out mails: when resetting the network interface (i.e.:
    disabling/enabling the nic), operation works for a few minutes as it should.

    it looks like some problems with the tcp-ip stack here. connecting to the
    target socket works, but resulting in a timeout from time to time before any
    data is sent.

    any pointers how to further test and elaborate the problem is more than
    welcome! i've spent hours trying and countless reinstals to solve this
    problem without any luck.

    would be sad to switch back to w2k ;-(

    - thomas
     
    Robert L [MS-MVP], May 18, 2005
    #2
    1. Advertisements

  3. Thomas

    Thomas Guest

    cheers robert

    this fixed my problems partially. indeed the max. MTU size my router(s) can
    use is 1372. setting the MTU value for PPP and VPN cured the packetloss.

    unfortunately, this didn't cure the ftp / mail / news upload problems:

    [23:17:24] PORT 192,168,2,141,8,171
    [23:17:24] 200 Port command successful.
    [23:17:24] Opening data connection IP: 192.168.2.141 PORT: 2219.
    [23:17:24] STOR id.jpg
    [23:17:24] 150 Opening data connection for id.jpg.
    [23:17:24] 2368 bytes sent successfully. (2.31 KB/s) (00:00:01).
    [23:17:54] No response received from server. Timeout (30s).
    [23:17:54] Connection closed.

    while the ftp tool (here: smartftp, but same behaviour in comand line ftp)
    thinks the 2368 bytes were sent successfully, the target server never got
    any bits and bytes (id.jpg got size of 0 bytes on server). the 2368bytes
    thus are put into the tcpip buffer where it *should* be sent by winsocks.
    the application itself isn't even notified of any sending errors. only 30s
    (after timeout waiting for server response) its socket is closed.

    the interesting part: once the upload failed, a 2nd upload after the
    connection timeout is most the time successfull. i got no clue, but i would
    describe the problem as something like "delayed outbound socket creation"
    :)

    this behaviour somewhat describe the same problems as discussed here:
    http://www.microsoft.com/technet/co...technet-mgmt&lang=en&cr=US&sloc=en-us&m=1&p=1
    unfortunately, KB893066 cannot be uninstalled in a slipstreamed w2k3 sp1...
    and of course uninstalling an important hotfix is the least you want to do
    anyway. but still better than not being able to use your windows
    installation for your work...

    - thomas


    It could be the MTU issue. quoted from
    http://www.howtonetworking.com/casestudy.htm
    Case Study - VPN Connection issues after installed Windows server 2003 SP1
    Situation: The client has been experiencing some VPN connection issues after
    they installed Windows Server 2003 SP1. The main office has T1 line. The
    branch office uses DSL line and some home users who are using DSL too. They
    can establish the VPN, but they experience these issues:
    The connection may drop in 2 or 3 minutes.
    The VPN client may receive "The Network name is no longer available" message
    when they transfer the data.
    The RDC to TS may have black screen.
    Resolution: Set my VPN client MTU to 1400.
    To modify MTU, please refer to this page, How to change MTU settings for
    PPP or VPN.
    Related Topics
    Connectivity issues after ms05-019 and 2003 sp1
    Can't access some web sites
    Black screen when RDP over VPN
    Situation: The client has a site-to-site VPN setup with two Sonicwall
    firewall. It works fine. He can ping anything on the remote sites and vice
    versa.
    Problem: When he tries to RDP to the server he gets the blank screen and the
    banner at the top, but the log in window never appears and it eventually
    times out and says broken network connection.
    Troubleshooting: Since this is DSL line, we suspect this is MTU issue. So,
    we use this commend "ping -l 1500 -f IP address" to test it. We receive
    "Packet needs to be fragmented but DF set" and "Packets: Sent = 4, Received
    = 0, Lost = 4 (100% loss)". That confirms that is MTU issues.

    Resolution: Use the ping to test and lower MTU. Finally, We reduce MTU from
    1500 to 1400 in the SonicWall. Then he can use RDC over VPN.
    Related Topics
    How to change MTU
    Connectivity issues after ms05-019 and 2003 sp1
    Troubleshooting terminal server issues
    VPN drop connection
    VPN slow issues

    Don't send e-mail or reply to me except you need consulting services.
    Posting on MS newsgroup will benefit all readers and you may get more help.

    Bob Lin, MS-MVP, MCSE & CNE
    How to Setup Windows, Network, Remote Access on
    http://www.HowToNetworking.com
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    This posting is provided "AS IS" with no warranties.
    after installation of w2k3 sp1 i have serious tcp problems.

    the problems:
    - 3-5% ping loss to *any* non-localhost-ip
    - ftp uploads fail if file size is greater than 8kb ("unable to open data
    connection" / "data connection timeout")
    - outlook express fails to send out smtp mails ("unable to connect to
    server")
    - vpn connection breaks up every other minute

    the setup:
    - this is an out-of-the box configuration. the machine has 2 different
    interfaces, both having these problems.
    - windows firewall is disabled.
    - tcp/ip filtering is disabled.
    - windows 2000 on same machine works fine!

    the workaround:
    - packet loss: no clue so far
    - sending out mails: when resetting the network interface (i.e.:
    disabling/enabling the nic), operation works for a few minutes as it should.

    it looks like some problems with the tcp-ip stack here. connecting to the
    target socket works, but resulting in a timeout from time to time before any
    data is sent.

    any pointers how to further test and elaborate the problem is more than
    welcome! i've spent hours trying and countless reinstals to solve this
    problem without any luck.

    would be sad to switch back to w2k ;-(

    - thomas
     
    Thomas, May 18, 2005
    #3
  4. Thomas

    Thomas Guest

    i'm sorry to inform you changing the MTU didn't help at all. the problem
    seems to be accumulating over time.
    the longer the server runs, the more paket loss, the more vpn disconnects,
    the worse smtp mailing gets ;-(

    - thomas


     
    Thomas, May 20, 2005
    #4
  5. Thomas

    Blake Guest

    I am seeing a similar problem - we have an enterprise app (Blackboard) that
    is running on a new install of Win2K3 SP1. This app tries to connect to our
    SMTP server to send mails. The Win2K3 server cannot connect to our SMTP
    server on TCP 25.

    A packet capture shows no attempt - nothing. I can ping the SMTP server
    with no trouble, can do a standard telnet to other machines. Just can't
    make an SMTP connection.

    The only thing between the servers is a Cisco switch - no firewall, no
    routers. I can't even telnet from my Windows server to the SMTP server on
    port 25 with any success (from a command line).

    Blake
     
    Blake, May 25, 2005
    #5
  6. Thomas

    Isaac Guest

    Hi there.

    I recently had the same trouble on our network and came within a week
    of losing my job. Whenever I would hack registries and lower my MTU,
    things began to work. But as it turns out, the entire problem was due
    to a Windows 2000 Server automatic update. This update was also given
    for XP, and Win2k3 Server. The update was a reinstall of the TCP/IP
    stack files in order to seal a security hole. That update broke our
    entire network. It was because of devices with differing MTUs and a
    LAN/WAN environment according to the MS KB article. To us, the problem
    surfaced as RDP/Terminal Services just giving a black screen, SQL
    Database replications and DTS packages failing, Active Directory
    replication failing, email failures, and other weirdnesses. The url to
    the Windows knowledge base article is here if it will help you:
    "http://support.microsoft.com/kb/898060/?" - but again, I can't be
    responsible for what you do, blah blah blah, cover my butt, etc. If it
    saves you from any more heart-ache and late night caffeine binges, I'll
    be glad to have been of service.

    Thanks,
    -Isaac Morton
     
    Isaac, Jun 2, 2005
    #6
  7. yeah, we has troubles with sp1 installed on w2k3ee where an exchange
    server working.
    clients from ipsec-secured subnets unable to recieve or send mail through
    exchange.
    solution with mtu changin' from kb898069 works, and we have _not_ any
    other troubles... but we have 2000 native domain...
    that thing stop us from moving to 2k3 at this time.
     
    Aleksey \Carcass\ Melnick, Jun 28, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.