First published on TechNet on Mar 19, 2007
[Today's post comes to us courtesy of David Copeland, Justin Crosby, Mike Lieser and Damian Leibaschoff]
[EDIT] For an updated version of this post, please see http://blogs.technet.com/sbs/archive/2007/04/24/common-networking-issues-after-applying-windows-...
After installing Windows 2003 Service Pack 2 on SBS 2003 with ISA 2004 installed, you may experience the following problems:
- You can no longer successfully connect inbound using VPN (clients get "Error 800: Unable to establish connection").
- You cannot reliably connect to the Internet using SecureNAT.
- Some Outlook clients will fail to connect to the Exchange server (even with ISA 2004 SP2 and KB930414 installed).
(We are still discussing and testing other symptoms that could be related, but if you are having networking issues after the service pack, consider the solution provided in this post. We will update this list as we find more factual information.)
There are several potential causes for these problems, but in this case we will focus on a feature called Receive Side Scaling (RSS) that is enabled by Windows Server 2003 SP2 (and also by the Microsoft Windows Server 2003 Scalable Networking Pack). Note that not all network cards provide this feature. Also keep in mind that this might affect SBS machines using RRAS for their NAT solution.
You cannot host Transmission Control Protocol (TCP) connections when Receive Side Scaling is enabled on a server that runs Microsoft Windows Server 2003 with Service Pack 2 (SP2) and uses Network Address Translation (NAT). The TCP connections will be reset.
Update: The following KB explaining the behavior is now public: KB 927695 "You cannot host TCP connections when Receive Side Scaling is enabled in Wi...
You can disable this feature from the advanced properties of the network card under the network interface properties or you can perform the registry changes provided below.
You can disable RSS support in the TCP/IP stack by doing the following:
Warning
Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To work around this problem, disable Receive Side Scaling when the computer is configured as an Internet Connection Sharing gateway. To do this, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. On the Edit menu, point to New, click DWORD Value, and then type EnableRSS.
4. Double-click EnableRSS, type 0, and then click OK.
5. Exit Registry Editor.
If you are still experiencing problems (like slow file copying), you should also disable Offloading support:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. In the right pane, make sure that the DisableTaskOffload registry entry exists. If this entry does not exist, follow these steps to add the entry:
   a. On the Edit menu, point to New, click DWORD Value, and then type DisableTaskOffload.
4. Double-click DisableTaskOffload, type 1, and then click OK.
5. Exit Registry Editor.
(Reboot to make both changes effective)
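The two registry changes above can also be audited and applied from a script. The following PowerShell is an added example, not part of the original post; it assumes Windows PowerShell is installed on the server (it is not present by default on Windows Server 2003) and that the session has administrative rights. The helper name Get-TcpipValue is made up for this example.

```powershell
# Added example, not from the original post: audit and apply the two
# Tcpip\Parameters values described in the manual steps.
# Assumption: Windows PowerShell is installed and running with admin rights.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Desired state from the steps above: RSS off, task offload disabled.
$desired = @{ EnableRSS = 0; DisableTaskOffload = 1 }

function Get-TcpipValue([string]$Name) {
    # Returns $null when the value is absent from the key.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$changed = $false
foreach ($name in $desired.Keys) {
    $want = $desired[$name]
    $have = Get-TcpipValue $name

    if ($have -eq $want) {
        Write-Host "$name is already $want; nothing to do."
        continue
    }

    # Print the previous state so the change can be reverted by hand.
    if ($null -eq $have) {
        Write-Host "$name was not present; creating it as DWORD $want."
    } else {
        Write-Host "$name was $have; changing it to $want."
    }

    # -Force overwrites an existing value; -PropertyType DWord matches step 3.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $want -Force | Out-Null

    # Read back to confirm the write landed.
    if ((Get-TcpipValue $name) -ne $want) {
        throw "Failed to set $name under $key"
    }
    $changed = $true
}

if ($changed) {
    Write-Host 'Reboot the server for the changes to take effect.'
}
```

Running the script a second time reports both values as already set and makes no changes, which doubles as a check after the reboot.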
Update 2:
We have seen several situations where, even after completing the steps above, VPN would still not work. In those cases, updating the NIC drivers to the latest version resolved the problem. So make sure you have the latest version of your network card drivers. Most manufacturers have released updated drivers very recently.
Regards,
The SBS Bloggers team