VPN, SecureNat/Nat and Outlook clients not working after installing Windows Service Pack 2 in SBS 2

Discussion in 'Windows Small Business Server' started by Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Mar 20, 2007.

  1. http://blogs.technet.com/sbs/archiv...ndows-service-pack-2-in-sbs-2003-premium.aspx

    [Today's post comes to us courtesy of David Copeland, Justin Crosby,
    Mike Lieser and Damian Leibaschoff]

    After installing Windows 2003 Service Pack 2 on SBS 2003 with ISA 2004
    installed, you may experience the following problems:

    - You can no longer successfully connect inbound using VPN (Clients get
      "Error 800: Unable to establish connection").

    - You cannot reliably connect to the Internet using SecureNat.

    - Some Outlook clients will fail to connect to the Exchange server (even
      with ISA 2004 SP2 and KB930414 installed).

    (We are still discussing and testing other symptoms that could be
    related, but if you are having networking issues after the service pack,
    consider the solution provided on this post. We will update this list as
    we find more factual information.)

    There are several potential causes for these problems, but in this case,
    we will focus on a feature called Receive Side Scaling that is enabled
    by Windows Server 2003 SP2 (also enabled in the Microsoft Windows Server
    2003 Scalable Networking Pack). Note that not all Network Cards will
    provide this feature; also keep in mind that this might affect SBS
    machines using RRAS for their NAT solution.

    You cannot host Transmission Control Protocol (TCP) connections when
    Receive Side Scaling is enabled, you have Microsoft Windows Server 2003
    with Service Pack 2 (SP2) and you use Network Address Translation (NAT)
    on the server. The TCP connections will be reset.

    We are working on getting more detailed technical information released
    on why this is a problem. Basically, the key here is that when NAT
    modifies the packet it will cause the software hash and the hardware
    hash to not match and the packet to be dropped.

    You can disable this feature from the advanced properties of the network
    card under the network interface properties or you can perform the
    registry changes provided below.

    You can disable the RSS support from the TCP/IP stack by doing the
    following:

    Warning: Serious problems might occur if you modify the registry
    incorrectly by using Registry Editor or by using another method. These
    problems might require that you reinstall the operating system.
    Microsoft cannot guarantee that these problems can be solved. Modify the
    registry at your own risk.

    To work around this problem, disable Receive Side Scaling when the
    computer is configured as an Internet Connection Sharing gateway. To do
    this, follow these steps:

    1. Click Start, click Run, type regedit, and then click OK.

    2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    3. On the Edit menu, point to New, click DWORD Value, and then type
    EnableRSS.

    4. Double-click EnableRSS, type 0, and then click OK.

    5. Exit Registry Editor.

    If you are still experiencing problems (like slow file copying), you
    should also disable Offloading support:

    1. Click Start, click Run, type regedit, and then click OK.

    2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    3. In the right pane, make sure that the DisableTaskOffload registry
    entry exists. If this entry does not exist, follow these steps to add
    the entry:

    a. On the Edit menu, point to New, and then click DWORD Value, and then
    type DisableTaskOffload.

    4. Double-click DisableTaskOffload, type 1, and then click OK.

    5. Exit Registry Editor.

    (Reboot to make both changes effective)



    Regards,

    The SBS Bloggers team
     
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Mar 20, 2007
    #1
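
The hash mismatch described in the blog post quoted in post #1, shown as an added example that is not part of the original thread or of Microsoft's post: it computes the Toeplitz hash that RSS defines for TCP over IPv4, once on the connection as it arrives and once after NAT has rewritten the destination address. It assumes Microsoft's published RSS verification key and test tuple; the internal address 192.168.16.2 is constructed and the function names are hypothetical.

```python
import ipaddress
import struct

# Microsoft's published RSS verification key (40 bytes). A real NIC is
# programmed with whatever key the host network stack chooses.
RSS_KEY = bytes.fromhex(
    "6d5a56da255b0ec24167253d43a38fb0d0ca2bcbae7b30b4"
    "77cb2da38030f20c6a42b73bbeac01fa"
)

def toeplitz_hash(key: bytes, data: bytes) -> int:
    """For every set input bit, XOR in the 32-bit key window at that bit offset."""
    key_int = int.from_bytes(key, "big")
    key_bits = len(key) * 8
    result = 0
    for i in range(len(data) * 8):
        if data[i // 8] & (0x80 >> (i % 8)):
            result ^= (key_int >> (key_bits - 32 - i)) & 0xFFFFFFFF
    return result

def rss_tcp_ipv4(src_ip, src_port, dst_ip, dst_port, key=RSS_KEY) -> int:
    """RSS hash input for TCP/IPv4: src addr, dst addr, src port, dst port."""
    data = (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!HH", src_port, dst_port))
    return toeplitz_hash(key, data)

def nat_hash_pair(client, public, internal):
    """Return (hash over the packet as received, hash after destination NAT)."""
    before = rss_tcp_ipv4(client[0], client[1], public[0], public[1])
    after = rss_tcp_ipv4(client[0], client[1], internal[0], internal[1])
    return before, after

# Tuple from Microsoft's RSS verification suite, plus a constructed
# internal address standing in for the NAT target behind the gateway.
CLIENT = ("66.9.149.187", 2794)
PUBLIC = ("161.142.100.80", 1766)
INTERNAL = ("192.168.16.2", 1766)   # constructed sample value

if __name__ == "__main__":
    before, after = nat_hash_pair(CLIENT, PUBLIC, INTERNAL)
    print(f"hash as received on the wire : {before:#010x}")
    print(f"hash after NAT rewrite       : {after:#010x}")
    print("match" if before == after else "mismatch")
```

Any component that recomputes the hash on the translated header gets a different value from the one the NIC derived from the original header, which is the mismatch the post attributes the dropped packets to.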

  2. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

    POP Guest

    Thank you for that info Susan.

    Personally, my view is that I shouldn't have to 'tweak' servers to apply a
    service pack. What else can go wrong? It does seem this link covers the
    majority of problems highlighted in this NG but not all.

    It should be advised, hold off SP2 till patch is fixed and then re-released?




     
    POP, Mar 20, 2007
    #2

  3. There's no guarantee this will get fixed, Pop.

    They (MS) may not deem it needing fixing.
     
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Mar 20, 2007
    #3
  4. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

    POP Guest

    Hi Susan, seeing more and more SP2 failures here and on the web.

    This wasn't ready to roll out... it was done very quietly... get impression
    let's roll it out and see what happens... ;-)

    Previously we SBS had to wait a while after general Server SP was released
    for 'our version' how come different now?


     
    POP, Mar 20, 2007
    #4
  5. Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

    POP Guest

    Should have added, even 2003 server land is having issues...


     
    POP, Mar 20, 2007
    #5
  6. Because SP1 specifically broke our wizards is why.

    SP2 just nails everyone (sorry ... sick humor for the day)
     
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Mar 21, 2007
    #6