From: Halliburton, Larry G. (Larry.Halliburton@ngb.ang.af.mil)
Date: Thu Jun 10 2004 - 13:19:18 GMT-3
You may be having an issue with mtu size. The initial communication between
the client and DC uses small packets. This will allow the logon to occur.
However, when data is transferred the packets are maxed out and segmented by
TCP. When a 1520 byte packet receives the overhead required to enter a GRE
tunnel it is fragmented. TCP numbers the fragments and lets the end station
re- construct the original data. These 2 fragments consist of another maxed
out packet and a small fragment. If there is any more overhead for that
larger fragment anywhere in the network path, it will be fragmented. The
result is that TCP's numbering scheme is compromised and the destination
device is unable to reconstruct the original packet. The solution is to
reduce the mtu size on a router/firewall or even on the client/server to
1460 or less so that you do not fragment a fragment in your network path.
This may not be the problem, but I've learned to look at this whenever
tunnels are involved.
Hth,
Larry Halliburton
-----Original Message-----
From: ccielab@cox.net [mailto:ccielab@cox.net]
Sent: Wednesday, June 09, 2004 11:49 PM
To: ccielab@groupstudy.com
Subject: OT: Windows networking over gre tunnel interface
Dear group, please help. I have several sites that have 100M comm and
windows clients and the server is at a central location. At each site we
are using Microsoft AD and Win2k, user logon to the primary server at the
central to get their profile. I now have come into a situation where the
connection to a site is now through GRE tunnels instead of physical comm.
The cleint logs on, but the connection drops after a minute. I thought
that MS networking with 2000 is supposed to be over IP, and lnot relying on
the NBT broadcast anymore. Is there an issue running windows login over a
network with gre tunnels between the cleint and server?
TIA
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:37 GMT-3