TCP/IP connections problems on Win2003 Entreprise Server

Hi All,

I'm encountering a strange problem that seems to deal with TCP/IP Windows
stack. After some time my system (Windows Server 2003 Enterprise / on one
node of an active-standby cluster) is going in a very strange state : all
current TCP connections are ok, but all new connections are reseted.

My System <-- SYN <-- Client
My System --> SYN,ACK --> Client
My System <-- ACK <-- Client
My System --> RST --> Client

The problem appears with my application, with Terminal Server, with the BMC
Patrol agent, IIS FTP Server, McAfee ePO, ... seems to be all TCP/IP
servers.
Restarting some processes can help to solve the problem (restart IIS FTP
Server make it work again), but for low level TCP connection, like NetBios
or Terminal Server, the reboot is the only way.

I don't have any problem with UDP.
My system have 5 IP and the problem doesn't depend on the interface from
witch are coming the connections.

Bellow are some more detailed Ethereal traces :

thank for your help :o)

Didier



TRACES :
172.16.192.64 is my client
10.123.23.173 is my Server IP listening on 17260 port (my application).



No. Time Source Destination Protocol
Info
30512 13:12:57.918759 172.16.192.64 10.123.23.173 TCP
2385 > 17260 [SYN] Seq=0 Ack=0 Win=32768 Len=0 MSS=1460 WS=0

Frame 30512 (62 bytes on wire, 62 bytes captured)
Arrival Time: Jul 25, 2006 13:12:57.918759000
Time delta from previous packet: 1.099363000 seconds
Time since reference or first frame: 325.691911000 seconds
Frame Number: 30512
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: Cisco_14:6a:c2 (00:14:f2:14:6a:c2), Dst: HewlettP_55:53:82
(00:15:60:55:53:82)
Destination: HewlettP_55:53:82 (00:15:60:55:53:82)
Source: Cisco_14:6a:c2 (00:14:f2:14:6a:c2)
Type: IP (0x0800)
Internet Protocol, Src: 172.16.192.64 (172.16.192.64), Dst: 10.123.23.173
(10.123.23.173)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x9f64 (40804)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (0x06)
Header checksum: 0x16eb [correct]
Good: True
Bad : False
Source: 172.16.192.64 (172.16.192.64)
Destination: 10.123.23.173 (10.123.23.173)
Transmission Control Protocol, Src Port: 2385 (2385), Dst Port: 17260
(17260), Seq: 0, Ack: 0, Len: 0
Source port: 2385 (2385)
Destination port: 17260 (17260)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 32768
Checksum: 0xba69 [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)

0000 00 15 60 55 53 82 00 14 f2 14 6a c2 08 00 45 00 ..`US.....j...E.
0010 00 30 9f 64 40 00 36 06 16 eb ac 10 c0 40 0a 7b .0.d@.6......@.{
0020 17 ad 09 51 43 6c 12 64 5c 1b 00 00 00 00 70 02 ...QCl.d\.....p.
0030 80 00 ba 69 00 00 02 04 05 b4 01 03 03 00 ...i..........




No. Time Source Destination Protocol
Info
30513 13:12:57.918790 10.123.23.173 172.16.192.64 TCP
17260 > 2385 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0

Frame 30513 (62 bytes on wire, 62 bytes captured)
Arrival Time: Jul 25, 2006 13:12:57.918790000
Time delta from previous packet: 0.000031000 seconds
Time since reference or first frame: 325.691942000 seconds
Frame Number: 30513
Packet Length: 62 bytes
Capture Length: 62 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: HewlettP_55:53:82 (00:15:60:55:53:82), Dst:
All-HSRP-routers_08 (00:00:0c:07:ac:08)
Destination: All-HSRP-routers_08 (00:00:0c:07:ac:08)
Source: HewlettP_55:53:82 (00:15:60:55:53:82)
Type: IP (0x0800)
Internet Protocol, Src: 10.123.23.173 (10.123.23.173), Dst: 172.16.192.64
(172.16.192.64)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x694a (26954)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4305 [correct]
Good: True
Bad : False
Source: 10.123.23.173 (10.123.23.173)
Destination: 172.16.192.64 (172.16.192.64)
Transmission Control Protocol, Src Port: 17260 (17260), Dst Port: 2385
(2385), Seq: 0, Ack: 1, Len: 0
Source port: 17260 (17260)
Destination port: 2385 (2385)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 16384
Checksum: 0x6e79 [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SEQ/ACK analysis
This is an ACK to the segment in frame: 30512
The RTT to ACK the segment was: 0.000031000 seconds

0000 00 00 0c 07 ac 08 00 15 60 55 53 82 08 00 45 00 ........`US...E.
0010 00 30 69 4a 00 00 80 06 43 05 0a 7b 17 ad ac 10 .0iJ....C..{....
0020 c0 40 43 6c 09 51 ba fd d0 e1 12 64 5c 1c 70 12 .@xxxxxxxxxx\.p.
0030 40 00 6e 79 00 00 02 04 05 b4 01 03 03 00 @.ny..........




No. Time Source Destination Protocol
Info
30514 13:12:57.922269 172.16.192.64 10.123.23.173 TCP
2385 > 17260 [ACK] Seq=1 Ack=1 Win=33580 Len=0

Frame 30514 (60 bytes on wire, 60 bytes captured)
Arrival Time: Jul 25, 2006 13:12:57.922269000
Time delta from previous packet: 0.003479000 seconds
Time since reference or first frame: 325.695421000 seconds
Frame Number: 30514
Packet Length: 60 bytes
Capture Length: 60 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: Cisco_14:6a:c2 (00:14:f2:14:6a:c2), Dst: HewlettP_55:53:82
(00:15:60:55:53:82)
Destination: HewlettP_55:53:82 (00:15:60:55:53:82)
Source: Cisco_14:6a:c2 (00:14:f2:14:6a:c2)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: 172.16.192.64 (172.16.192.64), Dst: 10.123.23.173
(10.123.23.173)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x9f65 (40805)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 54
Protocol: TCP (0x06)
Header checksum: 0x16f2 [correct]
Good: True
Bad : False
Source: 172.16.192.64 (172.16.192.64)
Destination: 10.123.23.173 (10.123.23.173)
Transmission Control Protocol, Src Port: 2385 (2385), Dst Port: 17260
(17260), Seq: 1, Ack: 1, Len: 0
Source port: 2385 (2385)
Destination port: 17260 (17260)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 33580
Checksum: 0x5711 [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 30513
The RTT to ACK the segment was: 0.003479000 seconds

0000 00 15 60 55 53 82 00 14 f2 14 6a c2 08 00 45 00 ..`US.....j...E.
0010 00 28 9f 65 40 00 36 06 16 f2 ac 10 c0 40 0a 7b .(.e@.6......@.{
0020 17 ad 09 51 43 6c 12 64 5c 1c ba fd d0 e2 50 10 ...QCl.d\.....P.
0030 83 2c 57 11 00 00 00 00 00 00 00 00 .,W.........




No. Time Source Destination Protocol
Info
30515 13:12:57.922349 10.123.23.173 172.16.192.64 TCP
17260 > 2385 [RST] Seq=1 Ack=2828629191 Win=0 Len=0

Frame 30515 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jul 25, 2006 13:12:57.922349000
Time delta from previous packet: 0.000080000 seconds
Time since reference or first frame: 325.695501000 seconds
Frame Number: 30515
Packet Length: 54 bytes
Capture Length: 54 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: HewlettP_55:53:82 (00:15:60:55:53:82), Dst:
All-HSRP-routers_08 (00:00:0c:07:ac:08)
Destination: All-HSRP-routers_08 (00:00:0c:07:ac:08)
Source: HewlettP_55:53:82 (00:15:60:55:53:82)
Type: IP (0x0800)
Internet Protocol, Src: 10.123.23.173 (10.123.23.173), Dst: 172.16.192.64
(172.16.192.64)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x694c (26956)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x430b [correct]
Good: True
Bad : False
Source: 10.123.23.173 (10.123.23.173)
Destination: 172.16.192.64 (172.16.192.64)
Transmission Control Protocol, Src Port: 17260 (17260), Dst Port: 2385
(2385), Seq: 1, Ack: 2828629191, Len: 0
Source port: 17260 (17260)
Destination port: 2385 (2385)
Sequence number: 1 (relative sequence number)
Header length: 20 bytes
Flags: 0x0004 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xbce9 [correct]

0000 00 00 0c 07 ac 08 00 15 60 55 53 82 08 00 45 00 ........`US...E.
0010 00 28 69 4c 00 00 80 06 43 0b 0a 7b 17 ad ac 10 .(iL....C..{....
0020 c0 40 43 6c 09 51 ba fd d0 e2 ba fd d0 e2 50 04 .@xxxxxxxxxxxxxx
0030 00 00 bc e9 00 00 ......





.

Relevant Pages

  • Re: Recreating the Blank Form
    ... They are there so that you can glue toolbars into the form shape. ... The header has custom formulas to control its height and its placement ... to use the Shapesheet window to set these up. ... fixed value instead of a value dependent on the height of the overall frame. ...
    (microsoft.public.visio.general)
  • Re: Continue Question on the connecting a network receiver to Xvid Dec
    ... > frame is coming. ... You are using UDP, which implies several things: ... the datagrams may arrive at a variable rate ... fragment index, the fragment size and the total size, so ...
    (microsoft.public.win32.programmer.directx.video)
  • Re: persistent TCP connection over page reloads ?
    ... say a frame or another window. ... The global execution context: no. ... globalStorage & userData (this is very unlikely to work, ...
    (comp.lang.javascript)
  • Re: Need help with time stretching using STFT
    ... data from the input buffer, applies a linear window function, ... frequency of the sinusoid that ... then knowing what the frequency is, if the previous frame has a bump ... adjust is the value of that common time displacement. ...
    (comp.dsp)
  • RE: multiple modal dialogs
    ... There are two different ways of showing dialogs: ... Modal dialog (and any window for that matter) runs on the top of all ... While modal dialog relies on own message loop modeless relies on application ... that these frame windows can have there own modal ...
    (microsoft.public.vc.mfc)