http://support.microsoft.com/kb/898060/
Network connectivity between clients and servers may fail. This failure occurs after the installation of either security update MS05-019 or Microsoft Windows Server 2003 Service Pack 1 (SP1). Any one or more of the following symptoms may occur:
• Inability to connect to terminal servers or to file share access.
• Failure of domain controller replication across WAN links.
• Inability of Microsoft Exchange servers to connect to domain controllers.
These symptoms are more likely to occur in WAN and LAN scenarios. These scenarios typically exist where routers and data-link level protocols that have different Maximum Transmission Units (MTUs) are used across the network. In this scenario, the sending host can receive several Internet Control Message Protocol (ICMP) destination unreachable messages that have MTU updates for a destination. These symptoms are most likely to occur if the following conditions are true:
1. During the PathMTUDiscovery process, several routers on the route to the destination send MTU updates to the source host. One possible reason is that the source and destination hosts are in different WAN segments, and these segments are connected through a tunnel with a small MTU.
2. Network load balancing, dynamic routing, or both are used. In this scenario, there are several possible routes to a destination, with MTUs that are different from the MTU of the sending subnet and different from each other. Therefore, changing the route of IP packets over time can produce several MTU updates for the destination address.
Note: There may be some other similar scenarios where these symptoms occur. These scenarios can typically be diagnosed by sniffing the network traffic on either the source host side or on one of the intermediate network routers. If there are multiple ICMP destination unreachable messages sent over time for a destination, the source host that has the MS05-019 security update or Windows Server 2003 SP1 installed is likely to have this problem.
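The diagnosis described in the note above can be scripted. The following added example (not part of the original article) parses raw IPv4 packets, picks out ICMP destination unreachable messages with the "fragmentation needed" code, and lists destinations that received repeated MTU updates. The function names, the threshold of 2, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_frag_needed(packet: bytes):
    """Return (router, original_dst, mtu) for ICMP type 3 code 4, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                      # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if ihl < 20 or len(icmp) < 8 + 20:   # ICMP header + embedded IP header
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):      # destination unreachable / frag needed
        return None
    dotted = lambda b: ".".join(map(str, b))
    # icmp[24:28] is the destination field of the embedded (too big) datagram.
    return dotted(packet[12:16]), dotted(icmp[24:28]), mtu

def mtu_updates_by_destination(packets):
    """Map each destination to the ordered list of (router, mtu) updates."""
    updates = defaultdict(list)
    for pkt in packets:
        parsed = parse_frag_needed(pkt)
        if parsed:
            router, dst, mtu = parsed
            updates[dst].append((router, mtu))
    return dict(updates)

def suspect_destinations(packets, threshold=2):
    """Destinations with `threshold` or more MTU updates (assumed cutoff)."""
    by_dst = mtu_updates_by_destination(packets)
    return sorted(d for d, ups in by_dst.items() if len(ups) >= threshold)

def _build(router, host, dst, mtu):
    """Constructed sample packet; checksums are left at zero and not verified."""
    ip = lambda a: bytes(map(int, a.split(".")))
    inner = struct.pack("!BBHHHBBH", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0) + ip(host) + ip(dst) + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0) + ip(router) + ip(host) + icmp

SAMPLE = [  # constructed capture using documentation addresses only
    _build("198.51.100.1", "192.0.2.10", "203.0.113.5", 1400),
    _build("198.51.100.2", "192.0.2.10", "203.0.113.5", 1280),
    _build("198.51.100.1", "192.0.2.10", "203.0.113.9", 1400),
    b"\x45" + bytes(19),                 # IPv4 but not ICMP: skipped
]

if __name__ == "__main__":
    print(suspect_destinations(SAMPLE))
```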
This problem occurs because the code incorrectly increments the number of host routes on the computer when it modifies the MTU size of a host route. The maximum number of host routes is controlled by the MaxIcmpHostRoutes registry value. The default maximum is 1,000 host routes. Because of the incorrect increment, the number of host routes eventually reaches the maximum value. After the maximum value is reached, the ICMP packets are ignored.
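The counting defect described above can be reproduced in a small model. This added example (a simplified simulation, not Microsoft's TCP/IP code) keeps one host route per destination and shows how counting each MTU modification as a new route exhausts the limit with a single flapping destination. The class, method names and sample addresses are assumptions; only the default limit of 1,000 comes from the article.

```python
DEFAULT_MAX_ICMP_HOST_ROUTES = 1000  # default stated in the article

class HostRouteTable:
    """Toy model of ICMP-learned host routes (hypothetical, for illustration)."""

    def __init__(self, max_routes=DEFAULT_MAX_ICMP_HOST_ROUTES, buggy=True):
        self.max_routes = max_routes
        self.buggy = buggy
        self.path_mtu = {}   # destination -> learned path MTU
        self.count = 0       # what the stack believes the route count is
        self.ignored = 0     # MTU updates dropped because the limit was hit

    def on_mtu_update(self, dst, mtu):
        """Handle one ICMP MTU update; return True if it was applied."""
        if self.count >= self.max_routes:
            self.ignored += 1
            return False
        if dst not in self.path_mtu:
            self.count += 1          # a genuinely new host route
        elif self.buggy:
            self.count += 1          # defect: a modification counted as new
        self.path_mtu[dst] = mtu
        return True

def flap(table, dst, updates, mtus=(1400, 1280)):
    """Feed alternating MTU updates for one destination, as route changes would."""
    for i in range(updates):
        table.on_mtu_update(dst, mtus[i % len(mtus)])
    return table

if __name__ == "__main__":
    for buggy in (True, False):
        t = flap(HostRouteTable(buggy=buggy), "203.0.113.5", 1500)
        accepted = t.on_mtu_update("203.0.113.9", 1300)  # a new destination
        print(f"buggy={buggy} routes={len(t.path_mtu)} count={t.count} "
              f"ignored={t.ignored} new_update_applied={accepted}")
```

In the buggy run the counter reaches 1,000 while only one real route exists, so later updates, including those for other destinations, are dropped and the sender keeps using a stale MTU.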
Important: We recommend that you install both the MS05-019 security update as well as the hotfix if you experience this issue.
A supported hotfix is now available for download from the Microsoft Download Center.
Microsoft Windows Server 2003, x86-based versions with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=A0245532-0ACE-4B85-85BF-758E936173DF&displaylang=en
Microsoft Windows Server 2003, Itanium-based versions with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=538F2EFC-215B-4907-AF17-22851A370F8C&displaylang=en
Microsoft Windows Server 2003, x64-based versions with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=BAAFE288-9BC5-479B-88E5-EB7E06EAD443&displaylang=en
Microsoft Windows XP, x64-based versions
http://www.microsoft.com/downloads/details.aspx?FamilyId=E15C903D-8B6F-4B72-A8F3-BD58517AB156&displaylang=en
The hotfix corrects the network-connectivity problem that is described in this Microsoft Knowledge Base article. We recommend that you apply the hotfix to the systems that are experiencing this specific problem. You may also want to consider installing this hotfix to help prevent future connectivity problems similar to this one.
The updated hotfix for Windows Server 2003 Service Pack 1 (SP1) contains a change that addresses an issue that you experience only when you run Internet Security Systems (ISS) products.
To work around this problem, set the default MTU size to the largest size that the routers can process. The actual MTU value that is required to work around this problem depends on the network configuration. However, an MTU value of 576 should help reduce the effect of the problem because routers on the Internet should be able to handle such packets without fragmentation. You must reboot the computer for this registry change to take effect. For more information about changing the MTU registry settings, see the following articles in the Microsoft Knowledge Base:
120642 TCP/IP and NBT configuration parameters for Windows 2000 or Windows NT
314053 TCP/IP and NBT configuration parameters for Windows XP
Important: Depending on the network configuration and typical networking applications used, setting a low default MTU value can cause the network performance to decrease.
The MTU parameter overrides the default Maximum Transmission Unit (MTU) for a network interface. The MTU is the maximum packet size in bytes that the transport transmits over the underlying network. The size includes the transport header. An IP datagram can span multiple packets. Values larger than the default value for the underlying network cause the transport to use the network default MTU. Values smaller than 68 cause the transport to use an MTU of 68.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ID for Adapter
Value Type: REG_DWORD Number
Valid Range: 68 to the MTU of the underlying network
Default: 0xFFFFFFFF
Note: ID for Adapter is the network adapter to which TCP/IP is bound. To determine the relationship between an adapter ID and a network connection, view HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\ID for Adapter\Connection. The Name value in these keys provides the friendly name for a network connection that is used in the Network Connections folder. Values under these keys are specific to each adapter. Parameters that have a DHCP configured value and a statically configured value may or may not exist. Their existence depends on whether the computer or the adapter is DHCP configured and whether static override values are specified.