[THIN] Re: Client disconnections due to security hotfix MS05-019 and Windows Server 2003 SP1

  • From: Rick Mack <ulrich.mack@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 20 Jun 2005 21:39:45 +1000

Hi People,

About a month ago one of our customers started having problems with
remote terminal server users dropping off and not being able to
reconnect, but local users could still connect and work without
problems. The problem slowly became more severe, despite the fact that
the terminal server wasn't heavily loaded.

Tried upgrading to Windows 2003 SP1 and the problem became even worse.

Turns out to have been an MTU size issue (with XDSL connections)
induced by MS05-019 and made worse by Windows 2003 SP1. After a period
of time the server/client thinks the remote host is unavailable due to
retransmissions and timeouts.
 
Microsoft have released a new hotfix to fix the problem. What they
don't mention is that it doesn't install on a server with Windows
2003 SP1. Had to get another version that was compatible with 2003 SP1.
 
Anyway, the article:

KB Article 898060

Note that the Post SP1 hotfix is different to the one offered to fix
the problem.

Installing security update MS05-019 or Windows Server 2003 Service
Pack 1 may cause network connectivity between clients and servers to
fail
Network connectivity between clients and servers may fail. This
failure occurs after the installation of either security update
MS05-019 or Microsoft Windows Server 2003 Service Pack 1 (SP1). Any
one or more of the following symptoms may occur:

• Inability to connect to terminal servers or to file share access. 
• Failure of domain controller replication across WAN links. 
• Inability of Microsoft Exchange servers to connect to domain controllers. 

These symptoms are more likely to occur in WAN and LAN scenarios.
These scenarios typically exist where routers and data-link level
protocols that have different Maximum Transmission Units (MTUs) are
used across the network. In this scenario, the sending host can
receive several Internet Control Message Protocol (ICMP) destination
unreachable messages that have MTU updates for a destination. These
symptoms are most likely to occur if the following conditions are
true:

1. During the PathMTUDiscovery process, several routers on the route
to the destination send MTU updates to the source host. One of the
possible reasons for this could be that source and destination hosts
are in different WAN segments. Additionally, these segments are
connected through a tunnel with a small MTU.
 
2. Network load balancing, dynamic routing, or both are used. In this
scenario, there are several possible routes to a destination that has
MTUs that are different from the MTU of the sending subnet and that
are different from each other. Therefore, changing the route of IP
packets over time can produce several MTU updates for the destination
address.

regards,

Rick

Ulrich Mack
Volante Systems
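
The following is an added example, not part of the original post or the KB article. It parses ICMP destination unreachable "fragmentation needed" messages (type 3, code 4), which carry the MTU updates the article describes, and reports destinations that received several different MTU values. The packets, addresses, MTU values and function names are all constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 because nothing here validates it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def make_frag_needed(router, sender, dest, mtu):
    # Constructed sample: router tells sender that packets to dest need a smaller MTU.
    original = ipv4_header(sender, dest, 6, 8) + b"\x00" * 8  # original header + 8 bytes
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + original  # type, code, csum, unused, MTU
    return ipv4_header(router, sender, 1, len(icmp)) + icmp

def parse_frag_needed(packet):
    """Return (router, destination, next_hop_mtu), or None if not ICMP type 3 code 4."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if len(icmp) < 28 or icmp[0] != 3 or icmp[1] != 4:
        return None
    mtu = struct.unpack("!H", icmp[6:8])[0]
    router = socket.inet_ntoa(packet[12:16])
    dest = socket.inet_ntoa(icmp[24:28])  # destination field of the embedded IP header
    return router, dest, mtu

def mtu_updates_by_destination(packets):
    """Group MTU updates per destination, keeping arrival order."""
    updates = defaultdict(list)
    for pkt in packets:
        parsed = parse_frag_needed(pkt)
        if parsed:
            router, dest, mtu = parsed
            updates[dest].append((router, mtu))
    return dict(updates)

def destinations_with_several_updates(updates):
    # The condition the article describes: more than one distinct MTU for one destination.
    return sorted(d for d, u in updates.items() if len({m for _, m in u}) > 1)

# Constructed capture: documentation-range addresses, illustrative MTU values.
SAMPLE = [
    make_frag_needed("192.0.2.1", "198.51.100.10", "203.0.113.5", 1492),
    make_frag_needed("192.0.2.9", "198.51.100.10", "203.0.113.5", 1400),
    make_frag_needed("192.0.2.1", "198.51.100.10", "203.0.113.77", 1492),
    ipv4_header("198.51.100.10", "203.0.113.5", 6, 0),  # plain TCP header, ignored
]
```

Calling `destinations_with_several_updates(mtu_updates_by_destination(SAMPLE))` lists the destinations worth checking against the symptoms above.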
