Announcement

Collapse
No announcement yet.

WNLB "TCP DOS" issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WNLB "TCP DOS" issues

    Hi,

    We have in our production farm a mixed 2000/2003 web servers cluster.

    When we added the first 2003 machine, all was going smoothly (apart from the basic "mixed cluster" warning). After a while we started seeing the following event pairs in the 2003 System event log:
    Source: WLBS
    Event ID: 1
    Type: Information
    Description:
    ----------------------
    NLB Cluster : TCP DOS = 1.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...
    ----------------------

    Source: WLBS
    Event ID: 1
    Type: Information
    Description:
    ----------------------
    NLB Cluster : TCP DOS = 0.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...
    ----------------------


    First comes the "TCP DOS = 1" and after a few seconds the "TCP DOS = 0".
    Usually it doesn't effect the server's performance, but lately this caused the server to stop participating in the NLB cluster! On those occasions the difference between the "TCP DOS = 1" and the "TCP DOS = 0" was 3 hours.

    This seems to be related to the TCP SYN attack protection mechanism, but I'm not sure.

    Any way for me to protect the server better and prevent it from disconnections from the cluster?

    Thanks,
    Tom
    Last edited by eltoro200; 27th March 2008, 18:44.
Working...
X