
Solved

Problem changing interface MTU on windows server 2003

Posted on 2009-02-18
5,115 Views
Last Modified: 2013-11-09
My current network diagram is,
WEB SERVER <--> MIKROTIK ROUTER <--> ADSL MODEM <--> INTERNET

I'm having a connection problem when accessing my web server from the internet; it looks like the connection only transfers a portion of the webpage and then suddenly disconnects.

I've tried troubleshooting it, and narrowed it down to an MTU problem on the web server.

Wireshark shows multiple ICMP (FRAGMENTATION NEEDED) messages from the ADSL modem to the server stating that the next hop MTU is 1432 (this means that ICMP is not being blocked by the firewall).

But my web server is still sending oversized packets of 2704 bytes, which are continuously being dropped.

At first I thought this was because of the double NAT (ADSL & Mikrotik). I tried lowering the MTU of the public interface on the Mikrotik to 1400, but now the ICMP (fragmentation needed) comes from the router instead of the modem, and STILL my web server tries to resend 2704-byte packets.

I've also tried manually lowering the MTU using the registry keys found here,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<ID for network interface>

but Wireshark shows that my server still sends 2704-byte packets. It looks like changing the registry key has no effect at all.

I'm using an Intel server motherboard;
the onboard NIC is an "Intel(R) PRO/1000 EB Network Connection with I/O Acceleration".

I've tried updating the driver to the latest version, and still no success.
Question by: carmalegno
18 Comments

Accepted Solution by: wantabe2 (earned 1000 total points)
ID: 23672827
Try disabling TOE on the NIC on the 2003 server.

Expert Comment by: tntmax
ID: 23673643
Did you reboot the server after the registry change? Is the DSL modem set for 1492 for MTU? Is it set to fragment packets?

Author Comment by: carmalegno
ID: 23678101
@wantabe
Is this the same as disabling TCP Chimney?
I haven't tried that; I'll give it a shot.

@tntmax
Yes, I did reboot the server. I'm using a Prolink Hurricane ADSL modem; I don't think there's a setting to adjust the WAN MTU on the modem. And the packet being retransmitted has the DF (don't fragment) flag set.

I can access my web server perfectly if I connect to it through VPN; the VPN has a built-in 1400 MTU.

Author Comment by: carmalegno
ID: 23678113
@tntmax
Oh, correction:
the MTU on the modem WAN link is 1432. But I haven't found a setting for whether to fragment packets or not.

Author Comment by: carmalegno
ID: 23678324
@wantabe2
Setting the CHIMNEY to DISABLED using 'netsh' still doesn't solve my problem. I still keep getting the ICMP error.

Another piece of information:
I was trying to browse the web server using Opera Mini from my BlackBerry device, and it WORKS. I don't know why, but it works if I'm using a BlackBerry.

I still keep getting the ICMP error packets, but the server adjusts the MTU and retransmits perfectly.

I can post a screenshot of the wireshark capture if anyone needs it.

Expert Comment by: ChiefIT
ID: 23678488

Author Comment by: carmalegno
ID: 23678748
@chiefit
I'm using SP2, and all the latest updates from Windows Update.

I followed your MTU ping test to www.yahoo.com,
and 1372 is the biggest size I can get through.

I've already tried modifying the MTU using the registry key; the NIC still tries to send 2704-byte packets.

'netsh interface ip show interface' output shows the MTU is still 1500 for the interface.

Expert Comment by: ChiefIT
ID: 23678979
Did you manually configure the mode of operation? This means, did you define Autonegotiate, 1000 Mb full duplex, 100 Mb full duplex, or 10 Mb full duplex between the nodes? They might not be able to negotiate the connection between them.

Maybe they are not negotiating the handshake between them and causing the excessively large packets.
_______________________________________________
I barely remember some TCP/IP basics (so I may be off cue here):

When doing a ping -f test, the best you will get is a packet size of 1372. This is a 1400 MTU, -20 for the header and -8 for the ping.

You have it currently set for 1500, I believe that is the default setting for 2003 server.

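The arithmetic in the comment above, and the two ways a host can learn a path MTU, as an added example that is not part of the original thread. The 1400/1372 figures and the 1432 next-hop MTU come from the thread; the path model, its hop list and the 576-byte floor are assumptions of this example.

```python
# Added example (not from the thread): path-MTU arithmetic behind the
# "ping -f" test, plus a small simulation of how a host is supposed to
# react to ICMP "fragmentation needed", and what it can do when it never
# receives one (a PMTUD black hole).
IP_HEADER = 20      # IPv4 header without options
ICMP_HEADER = 8     # ICMP echo header
TCP_HEADER = 20     # TCP header without options


def ping_payload_for_mtu(mtu: int) -> int:
    """Largest 'ping -f -l <size>' payload that fits a link of the given MTU."""
    return mtu - IP_HEADER - ICMP_HEADER


def mtu_from_ping_payload(payload: int) -> int:
    """Inverse: the path MTU implied by the largest payload that gets through."""
    return payload + IP_HEADER + ICMP_HEADER


def mss_for_mtu(mtu: int) -> int:
    """TCP MSS a host should advertise (or be clamped to) for the given MTU."""
    return mtu - IP_HEADER - TCP_HEADER


class SimulatedPath:
    """Constructed path: a list of hop MTUs. send() mimics a packet with DF set.
    With icmp_filtered=True the too-small hop drops silently (a PMTUD black hole)."""

    def __init__(self, hop_mtus, icmp_filtered=False):
        self.hop_mtus = hop_mtus
        self.icmp_filtered = icmp_filtered

    def send(self, packet_size: int):
        """Return ('ok', None), ('frag_needed', next_hop_mtu) or ('dropped', None)."""
        for mtu in self.hop_mtus:
            if packet_size > mtu:
                if self.icmp_filtered:
                    return "dropped", None
                return "frag_needed", mtu
        return "ok", None


def pmtud(path: SimulatedPath, local_mtu: int = 1500, min_mtu: int = 576):
    """RFC 1191 behaviour: shrink to the MTU the ICMP error reports and retry.
    Returns (path_mtu, packets_sent), or (None, packets_sent) on a black hole."""
    size, sent = local_mtu, 0
    while size >= min_mtu:
        sent += 1
        status, hint = path.send(size)
        if status == "ok":
            return size, sent
        if status == "frag_needed":
            size = hint
        else:  # silent drop: nothing tells the host which size would work
            return None, sent
    return None, sent


def probe_pmtu(path: SimulatedPath, lo: int = 576, hi: int = 1500):
    """What the manual ping -f test does by hand: binary-search the largest
    size that passes. Works even when the ICMP errors never arrive."""
    best = None
    while lo <= hi:
        mid = (lo + hi) // 2
        status, _ = path.send(mid)
        if status == "ok":
            best, lo = mid, mid + 1
        else:
            hi = mid - 1
    return best


if __name__ == "__main__":
    # Constructed path in the shape of the thread: an ADSL hop at 1432.
    path = SimulatedPath([1500, 1432, 1500])
    print(ping_payload_for_mtu(1400), mtu_from_ping_payload(1372))  # 1372 1400
    print(pmtud(path))                                               # (1432, 2)
    print(probe_pmtu(SimulatedPath([1432], icmp_filtered=True)))     # 1432
```

The point of the two functions side by side: with the ICMP errors arriving, as they were in this thread, a host needs a single retry to settle on the right size; the manual ping test is the fallback for when they are filtered.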

Expert Comment by: meverest
ID: 23679068
Hi,

try forcing MSS on the MT router:

/ip firewall mangle add out-interface=<outbound interface> protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward

where <outbound interface> is the interface that connects to the internet: if it is an ethernet connection, just use the interface ID (e.g. ether1), or if it is a PPP dialer, put the PPP interface name (e.g. pppoe-out1).

Cheers.

Author Comment by: carmalegno
ID: 23679786
@ChiefIT
Since I upgraded my driver, the Intel PROSet "Advanced" tab in Device Manager -> network adapter is missing. I'll try to reinstall it. And the last time I checked there, it was set to autonegotiate.

Yes, MTU 1500 is the default for W2K3, but isn't 'netsh' supposed to show the overridden value after I changed it using the MTU registry key?

@meverest
I'll definitely try your solution. So correct me if I'm wrong: if the Mikrotik overrides the packet length to 1300, what happens to the rest (>1300 bytes)?
Is it discarded, or will the Mikrotik try to fragment it and retransmit it by itself?

Author Comment by: carmalegno
ID: 23679875
Oh, maybe this further info can help you guys:

The Mikrotik is running as a VM using VMware on the web server box. So there are 2 NICs: 1 goes into the modem, 1 goes into the switch.

I'm using the same setup in another place, but there everything works fine. The difference is that I'm using a cable modem in bridged mode connected directly to the Mikrotik.

Author Comment by: carmalegno
ID: 23680507
Here are the Wireshark capture logs;
one was captured when using a desktop PC & Firefox and one using a BlackBerry device & Opera Mini.

192.168.2.1 - ADSL modem.
192.168.5.1 - Webserver.

118.137.193.126 - my desktop public ip.
64.255.180.31 - my blackberry ip.

Beginning to get frustrated here.

Let me know if you guys need anything,

@Meverest, I tried using your Mikrotik mangle rule, but still no good.

Oh, the capture logs were made before I applied your rule.

Web--BB-.txt
Web--FF-.txt
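An added example, not one of the attachments above and not from the thread: a first-pass analyser for a capture exported from Wireshark as CSV. The sample rows are constructed (the addresses, the 2704-byte frames and the 1432 next-hop MTU are the thread's; everything else is made up), and the MTU=NNN token in the Info column is an assumption of this example; a real export would need a custom column for the icmp.mtu field. The analyser counts ICMP fragmentation-needed messages and the frames the server sends above the link MTU before and after them. A 2704-byte frame cannot leave a 1500-byte Ethernet interface, so seeing one in a capture taken on the sender itself means the capture point sits above the NIC's segmentation offload, which is consistent with the fix the thread eventually lands on (turning TCP offload off).

```python
# Added example (not from the thread): detection over a constructed
# Wireshark CSV export, looking for the symptoms described above.
import csv
import io
import re

ETH_HEADER = 14  # Wireshark's frame length includes the Ethernet header
MTU_RE = re.compile(r"MTU=(\d+)")

# Constructed rows in the shape of "Export Packet Dissections > As CSV"
# (No., Time, Source, Destination, Protocol, Length, Info).
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","118.137.193.126","192.168.5.1","TCP","74","52344 > 80 [SYN] Seq=0 Win=65535 Len=0 MSS=1460"
"2","0.000120","192.168.5.1","118.137.193.126","TCP","74","80 > 52344 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460"
"3","0.011000","118.137.193.126","192.168.5.1","HTTP","354","GET / HTTP/1.1"
"4","0.012000","192.168.5.1","118.137.193.126","TCP","2704","80 > 52344 [ACK] Seq=1 Ack=301 Win=65535 Len=2650"
"5","0.013000","192.168.2.1","192.168.5.1","ICMP","590","Destination unreachable (Fragmentation needed) MTU=1432"
"6","0.513000","192.168.5.1","118.137.193.126","TCP","2704","[TCP Retransmission] 80 > 52344 [ACK] Seq=1 Ack=301 Win=65535 Len=2650"
"7","0.514000","192.168.2.1","192.168.5.1","ICMP","590","Destination unreachable (Fragmentation needed) MTU=1432"
"8","1.514000","192.168.5.1","118.137.193.126","TCP","2704","[TCP Retransmission] 80 > 52344 [ACK] Seq=1 Ack=301 Win=65535 Len=2650"
'''


def analyze_capture(csv_text: str, local_ip: str, link_mtu: int = 1500) -> dict:
    """Walk the frames in order and report PMTUD trouble as seen from local_ip."""
    max_frame = link_mtu + ETH_HEADER
    report = {
        "oversized_tx": 0,          # frames from local_ip larger than the link can carry
        "largest_tx": 0,
        "frag_needed": 0,           # ICMP fragmentation-needed messages addressed to local_ip
        "next_hop_mtu": None,       # smallest MTU any of them reported
        "oversized_after_icmp": 0,  # oversized frames sent after a hint had already arrived
    }
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst, proto = row["Source"], row["Destination"], row["Protocol"]
        length, info = int(row["Length"]), row["Info"]
        if proto == "ICMP" and dst == local_ip and "Fragmentation needed" in info:
            report["frag_needed"] += 1
            m = MTU_RE.search(info)
            if m:
                hint = int(m.group(1))
                report["next_hop_mtu"] = min(hint, report["next_hop_mtu"] or hint)
            continue
        if src == local_ip:
            report["largest_tx"] = max(report["largest_tx"], length)
            if length > max_frame:
                report["oversized_tx"] += 1
                if report["next_hop_mtu"] is not None:
                    report["oversized_after_icmp"] += 1
    return report


def findings(report: dict, link_mtu: int = 1500) -> list:
    """Turn the counters into the two questions the thread is really asking."""
    out = []
    if report["largest_tx"] > link_mtu + ETH_HEADER:
        out.append("frames above the link MTU seen leaving the sender: "
                   "capture sits above NIC segmentation offload")
    if report["frag_needed"] and report["oversized_after_icmp"]:
        out.append("ICMP fragmentation-needed received (next hop MTU %d) "
                   "but later frames still exceed it" % report["next_hop_mtu"])
    elif report["frag_needed"]:
        out.append("ICMP fragmentation-needed received and honoured")
    return out


if __name__ == "__main__":
    r = analyze_capture(SAMPLE_CSV, "192.168.5.1")
    print(r)
    for line in findings(r):
        print("-", line)
```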

Expert Comment by: ChiefIT
ID: 23689177
You know, I have never seen anyone hook directly to the modem before. Usually, they have a little router they hide behind. Even though you set the MTU via a registry key, there is still some negotiation between the nodes of the network to determine the MTU settings. I am wondering if these negotiations are overriding manual edits.

Author Comment by: carmalegno
ID: 23689208
My other Realtek-based server NIC works fine, same setup.

But if this setup is supposed to NOT work, how come it works fine when I access it using a BlackBerry!?

*arrgh..

Expert Comment by: ChiefIT
ID: 23689288
I am researching this one. I am currently stumped.

Author Comment by: carmalegno
ID: 23689317
I'm currently trying to turn off all TCP-OFFLOAD features in the NICs.

The sucky thing is, the 'Advanced' tab of Intel PROSet in Device Manager ONLY appears when I log in directly on the machine, not when using Remote Desktop.

Fortunately I've already installed LogMeIn on it.

I'll let you know the progress.

Author Comment by: carmalegno
ID: 23689513
Finally,
turning off all TCP-OFFLOAD solved the problem.

I get no TCP checksum errors or ICMP fragmentation errors now.

@wantabe2
Thanks mate, although I need to search further for where to turn off this feature.

Can anyone explain to me why turning off this feature solves the problem?


Expert Comment by: ChiefIT
ID: 23693165
Looking into it, will get back with you tonight.