Problem changing interface MTU on Windows Server 2003

Medium Priority
Last Modified: 2013-11-09
My current network diagram is,

I'm having a connection problem when accessing my web server from the internet; it looks like the connection only transfers a portion of the webpage and then suddenly disconnects.

I've tried troubleshooting it, and narrowed it down to the web server's MTU problem.

Wireshark shows multiple ICMP (FRAGMENTATION NEEDED) from the ADSL modem to the server stating that the next hop MTU is 1432. (this means that ICMP is not being blocked by the firewall)

But my web server is still sending oversized packets, sized 2704 bytes, which are continuously being dropped.

At first I thought this was because of the dual NAT-ing, ADSL & Mikrotik. I tried lowering the public interface in Mikrotik to 1400, but now the ICMP (fragmentation needed) comes from the router, not from the modem, and STILL my web server tries to resend 2704-byte packets.

I've also tried manually lowering the MTU using the registry keys found here,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<ID for network interface>

but Wireshark shows that my server still sends 2704-byte packets. Looks like changing the registry key has no effect at all.

I'm using an Intel server motherboard;
the onboard NIC is an "Intel(R) PRO/1000 EB Network Connection with I/O Acceleration"

I've tried updating the driver to the latest version, and still no success.

Try disabling TOE on the NIC on the 2003 server.


Did you reboot the server after the registry change? Is the DSL modem set for 1492 for MTU? Is it set to fragment packets?


Is this the same as setting TCP chimney to disabled?
I haven't tried that, I'll give it a shot.

Yes, I did reboot the server. I'm using a Prolink Hurricane ADSL modem; I don't think there's a setting to adjust the WAN MTU on the modem. And the packet being retransmitted has the (DF, don't fragment) flag set.

I can access my web server perfectly if I connect through VPN; the VPN has a built-in 1400 MTU.


Oh, correction:
the MTU on the modem WAN link is 1432. But I haven't found the setting to fragment packets or not.


Setting the CHIMNEY to DISABLED using 'netsh' still doesn't solve my problem. I still keep getting the ICMP error.

Some more information:
I was trying to browse the web server using Opera Mini from my BlackBerry device, and it WORKS. I don't know why, but it works if I'm using a BlackBerry.

I still keep getting the ICMP error packets, but the server adjusts the MTU and retransmits perfectly.

I can post a screenshot of the wireshark capture if anyone needs it.


I'm using SP2, and all the latest updates from Windows Update.

I followed your MTU ping test to www.yahoo.com,
and 1372 is the biggest size I can get through.

I've already tried modifying the MTU using the registry key; still the NIC tries to send 2704-byte packets.

'netsh interface ip show interface' output shows the MTU is still 1500 for the interface.

Did you manually configure the mode of operation? That is, did you define autonegotiate, 1000 Mb full duplex, 100 Mb full duplex, or 10 Mb full duplex between the nodes? They might not be able to negotiate the connection between them.

Maybe they are not negotiating the handshake between them and causing the excessively large packets.
I barely remember some TCP/IP basics: (so, I may be off queue here)

When doing an Ping -f test the best you will get is 1372 packets. This is a 1400 MTU -20 for the header and -8 for the ping.

You have it currently set for 1500, I believe that is the default setting for 2003 server.



Try forcing MSS on the MT router:

/ip firewall mangle add out-interface=<outbound interface> protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward

where <outbound interface> is the interface that connects to the internet. If it is an ethernet connection, just use the interface ID (e.g. ether1), or if it is a ppp dialer, put the ppp interface name (e.g. pppoe-out1).



Since I upgraded my driver, the Intel PROSet "advanced tab" in Device Manager -> network adapter is missing. I'll try to reinstall it again. And the last time I checked there, it was set to autonegotiate.

Yes, MTU 1500 is the default for W2K3, but isn't 'netsh' supposed to show the overridden value after I changed it using the MTU registry key?

I'll definitely try your solution. So correct me if I'm wrong: if the Mikrotik overrides the packet length to 1300, what happens to the rest >1300 bytes?
Is it discarded, or will the Mikrotik try to fragment it and retransmit it by itself?


Oh, maybe this further info can help you guys:

The Mikrotik is running as a VM using VMware in the web server box. So 2 NICs: 1 goes to the modem, 1 goes to the switch.

I'm using the same setup in another place, but everything works fine. The difference is that I'm using a cable modem in bridged mode directly to the Mikrotik.


Here are the Wireshark capture logs;
one is captured when using desktop pc & firefox and one is captured using a blackberry device & opera mini. - ADSL modem. - Webserver. - my desktop public ip. - my blackberry ip.

Beginning to get frustrated here.

Let me know if you guys need anything,

@Meverest I tried using your Mikrotik mangle rule, but still no good.

Oh, the capture logs were made before I applied your rule.


You know, I have never seen anyone hook directly to the modem before. Usually, they have a little router they hide behind. Even though you set the MTU via a registry key, there is still some negotiation between the nodes of the network to determine the MTU settings. I am wondering if these negotiations are overriding manual edits.


My other Realtek-based server NIC works fine, same setup.

But if this setup is supposed to NOT work, how come when I access it using a BlackBerry it works fine!?


I am researching this one. I am currently stumped.


I'm currently trying turning off all TCP-OFFLOAD features in the NICs.

Sucky thing is, the 'advanced tab' on the Intel PROSet device manager ONLY appears when I'm logged in directly on the machine, not when using a remote desktop.

Fortunately I've already installed LogMeIn on it.

I'll let you know the progress.


Turning off all TCP-OFFLOAD solves the problem.

I get no TCP checksum errors and no ICMP fragmentation errors now.

Thanks mate. Although I need to search further for where to turn off this feature.

Can anyone explain to me why turning off this feature solves the problem?

Looking into it, will get back with you tonight.
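
Added example, not part of the original thread: a Python decoder for the ICMP "fragmentation needed" message discussed above, which pulls out the next-hop MTU and the quoted packet's length and DF flag, and derives the TCP MSS and ping payload that fit the path. The sample message is constructed from the thread's numbers (1432, 2704); the addresses, ports and function names are assumptions for illustration.

```python
import struct

DF_FLAG = 0x4000  # "Don't Fragment" bit in the IPv4 flags/fragment-offset field

def build_frag_needed(next_hop_mtu, orig_total_len, df=True):
    """Constructed sample: ICMP type 3 code 4 quoting an IPv4/TCP packet."""
    orig_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_total_len, 0x1234,
                          DF_FLAG if df else 0, 128, 6, 0,
                          bytes([192, 0, 2, 10]),      # documentation address (server)
                          bytes([198, 51, 100, 20]))   # documentation address (client)
    orig_tcp = struct.pack("!HHI", 80, 50000, 1)       # first 8 bytes of TCP header
    # ICMP header: type, code, checksum (left 0 in this sample), unused, next-hop MTU
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + orig_ip + orig_tcp

def mss_for(mtu, ip_hdr=20, tcp_hdr=20):
    """Largest TCP payload that fits the MTU with option-free headers."""
    return mtu - ip_hdr - tcp_hdr

def max_ping_payload(mtu, ip_hdr=20, icmp_hdr=8):
    """Largest 'ping -f -l' size that passes a path of this MTU."""
    return mtu - ip_hdr - icmp_hdr

def parse_frag_needed(icmp, interface_mtu=1500):
    """Decode an RFC 1191 'fragmentation needed' message; None if it is not one."""
    if len(icmp) < 28:  # 8-byte ICMP header + 20-byte quoted IPv4 header
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    _ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", icmp[8:16])
    return {
        "next_hop_mtu": mtu,
        "orig_total_len": total_len,
        "df": bool(flags_frag & DF_FLAG),
        "oversize_by": total_len - mtu,
        # A quoted packet longer than the sender's own interface MTU is
        # consistent with segmentation offload: the NIC was expected to split it.
        "exceeds_interface_mtu": total_len > interface_mtu,
        "mss_for_path": mss_for(mtu),
    }

if __name__ == "__main__":
    print(parse_frag_needed(build_frag_needed(1432, 2704)))
    print(max_ping_payload(1400))
```
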