
MTU size causes AD related issues while working among diff locations


  • MTU size causes AD related issues while working among diff locations

    Hi All,

    It's not a problem any more, but I thought I'd share it with the forum as it might be helpful for someone else who is stuck on the same thing:

    Scenario:

    Two different geographical locations (say, locations A and B) are connected through a high-speed MPLS link (we recently moved to this MPLS; earlier it was a leased line from a local ISP). Only physical site A has domain controllers. The AD design has a single logical site. The other physical site, B, uses the DCs in the first physical location A, which means it is also mapped to the same AD site.

    Problem:

    Everything was fine, but after switching the network to MPLS we started facing the issues below.

    1. When I tried to assign permissions to domain users on a resource in location B, it was unable to retrieve the users/groups information from the domain. It gave the error: Unable to connect LSA.
    2. When we tried to join new clients, they said they were unable to get domain information.
    3. Outlook started to have sync issues.

    Solution:

    After spending a fair amount of time, we found that the new link was not allowing the required MTU (maximum transmission unit, or packet size) to travel through it. We configured it to allow an MTU of 1500 bytes and everything came into shape.

    Reason:

    Some services like AD send packets of 1472 bytes, and these services do not allow the packets to be fragmented; that was causing the issue.

    How to make sure: Use ping to determine the same.

    Run the following command:

    C:\>ping Dc-host-name -l 1472 -f

    It will send a packet of 1472 bytes, and the -f option will set the DF bit, which will not allow the packet to be fragmented. If there is any blockage with this packet of 1472 bytes, we will get output something like the one below:

    C:\ >ping xyz.abc.com -l 1472 -f

    Pinging xyz.abc.com [60.2.36.250] with 1472 bytes of data:

    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.

    Ping statistics for 58.2.36.200:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    Note: If you do not use the -f option, you will be able to ping with any size even if that's not permitted on the router, as the router will forward the packet with fragmentation.

    Supported KB: http://support.microsoft.com/kb/314825

    ** Make sure that your WAN team does not have any special configuration specific to ICMP.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.
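
Added example (not part of the original post): a PowerShell function that automates the `ping -l 1472 -f` check above by binary-searching for the largest ICMP payload that crosses the path with the DF bit set, using the .NET `System.Net.NetworkInformation.Ping` class. The function name `Find-MaxUnfragmentedPayload` and the host `dc01.example.test` are hypothetical placeholders.

```powershell
# Added example. The host name at the bottom is a placeholder, not from the thread.
function Find-MaxUnfragmentedPayload {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$MaxPayload = 1472,  # 1500-byte MTU - 20 (IPv4 header) - 8 (ICMP header)
        [int]$TimeoutMs  = 2000
    )
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF bit set

    # Send one echo request with $size payload bytes; return the IPStatus as a string.
    function Send-Probe([int]$size) {
        $buffer = New-Object byte[] $size
        try   { $ping.Send($ComputerName, $TimeoutMs, $buffer, $options).Status.ToString() }
        catch { 'Error' }  # name resolution failure, no route, etc.
    }

    # Baseline: if a small DF ping fails, ICMP is blocked or the host is down,
    # and nothing can be concluded about the MTU from this test.
    $low = 32
    if ((Send-Probe $low) -ne 'Success') {
        throw "No reply to a $low-byte ping from $ComputerName; cannot measure MTU with ICMP."
    }

    # Binary search for the largest payload that still gets a reply with DF set.
    $high = $MaxPayload
    while ($low -lt $high) {
        $mid = [int][math]::Floor(($low + $high + 1) / 2)
        if ((Send-Probe $mid) -eq 'Success') { $low = $mid } else { $high = $mid - 1 }
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        MaxPayload   = $low
        PathMtu      = $low + 28                 # payload + IPv4 and ICMP headers
        FullSizeOk   = ($low -eq $MaxPayload)    # true when 1472 bytes pass unfragmented
    }
}

Find-MaxUnfragmentedPayload -ComputerName 'dc01.example.test'
```

A `MaxPayload` below 1472 is the size at which the path stops passing unfragmented packets; the baseline check fails early when ICMP itself is filtered, which is the case the post's last caveat warns about.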

  • #2
    Re: Thanks for sharing

    Thanks for sharing your answer with us! I'm sure others will also benefit from knowing what was wrong and how you fixed it.

    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT



    • #3
      Re: MTU size causes AD related issues while working among diff locations

      The packet size of 1472 is not required as long as the PMTU discovery mechanism is working. If your network equipment is set up correctly, it should be able to deal with packets of 1500 and larger by fragmenting the packets to the desired MTU size of the relevant hop.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"
