"The issue is a patched server sends out a packet and receives an ICMP
Destination Unreachable. Normally the packet would be resent using a smaller
size, but the bug causes the ICMP to be ignored and usually the same packet is
sent again. The result is that the packet never reaches the destination, and
the result of this could cause any number of problems. This caused replication
Active Directory replication issues for us as well as Exchange 2003
connectivity issues over the VPN. You will see Event ID's 1232 and 1188 on your
domain controllers from source NTDS Replication. You will also see 1726 and
1818 failure codes in Replmon. Article 830746 discusses Event ID's 1232 and
1188 but increasing the replication RPC timeout may not help.
The workaround is to either uninstall the patch or set the MTU size to match
your environment. I saw the issue is a total meshed VPN network. All sites are
connected via Checkpoint VPN's so we set the MTU size to 1430 so the packets
will not get fragmented. 1430 allows enough space for encryption of about 60
bytes so the packet does not go over 1500 and need to be fragmented.
To set MTU size:
Put a registry value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\(Interface
Guid)
Creat DWORD value: MTU with a decimal value of the maximum workable MTU size.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
