
List:       patchmanagement
Subject:    FW: Bug in Patch MS05-019
From:       "Eric Brunsen" <ebpublic () att ! net>
Date:       2005-04-21 0:06:09
Message-ID: 200504210019.j3L0JuP1027611 () mailer ! progressive-comp ! com

From NTBugTraq... 


Wm. Eric Brunsen
MCSE Windows NT & 2000, MCSD, MCDBA, NT-CIP, CTT, MCT-Retired
Computing Systems Engineer
Dynicity, LLC

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM] On Behalf Of Brian G.
Sent: Wednesday, April 20, 2005 2:32 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Bug in Patch MS05-019

"The issue is a patched server sends out a packet and receives an ICMP
Destination Unreachable. Normally the packet would be resent using a smaller
size, but the bug causes the ICMP to be ignored and usually the same packet
is sent again.  The result is that the packet never reaches the destination,
and the result of this could cause any number of problems. This caused
Active Directory replication issues for us as well as Exchange
2003 connectivity issues over the VPN. You will see Event IDs 1232 and 1188
on your domain controllers from source NTDS Replication. You will also see
1726 and 1818 failure codes in Replmon. Article 830746 discusses Event IDs
1232 and 1188 but increasing the replication RPC timeout may not help.

The workaround is to either uninstall the patch or set the MTU size to match
your environment. I saw the issue in a total meshed VPN network. All sites
are connected via Checkpoint VPNs so we set the MTU size to 1430 so the
packets will not get fragmented. 1430 allows enough space for encryption of
about 60 bytes so the packet does not go over 1500 and need to be
fragmented.

To set MTU size:
Put a registry value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\(Interface Guid)

Create DWORD value: MTU with a decimal value of the maximum workable MTU
size."






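
The registry workaround described in the message, written as a Windows PowerShell script; this is an added example and not part of the original post. With no arguments it lists each interface key with its addresses and any existing MTU override; given a GUID it writes the MTU DWORD and can probe the path with a don't-fragment ping. The parameter names (`InterfaceGuid`, `Mtu`, `TestHost`), the helper `Get-InterfaceMtu` and the 576-1500 sanity bounds are assumptions made for this example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
param(
    [string]$InterfaceGuid,   # assumption: '{...}' key name copied from the listing; empty = list only
    [int]$Mtu = 1430,         # the value the post used for its VPN; pick what your path supports
    [string]$TestHost         # assumption: optional host on the far side of the VPN to probe
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-InterfaceMtu {
    # One row per interface key: GUID, configured addresses, MTU override if any.
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        $addr = @($p.IPAddress) + @($p.DhcpIPAddress) |
            Where-Object { $_ -and $_ -ne '0.0.0.0' }
        New-Object PSObject -Property @{
            Guid    = $_.PSChildName
            Address = $addr -join ','
            MTU     = $(if ($null -ne $p.MTU) { $p.MTU } else { '(not set)' })
        }
    }
}

if (-not $InterfaceGuid) {
    Get-InterfaceMtu | Format-Table Guid, Address, MTU -AutoSize
    return
}

# Sanity bounds chosen for this example (Ethernet path), not a documented limit.
if ($Mtu -lt 576 -or $Mtu -gt 1500) { throw "MTU $Mtu is outside 576-1500" }

$key = Join-Path $base $InterfaceGuid
if (-not (Test-Path $key)) { throw "No interface key named $InterfaceGuid" }

# Create or overwrite the DWORD value named MTU, as the post describes.
New-ItemProperty -Path $key -Name MTU -PropertyType DWord -Value $Mtu -Force | Out-Null
Get-InterfaceMtu | Where-Object { $_.Guid -eq $InterfaceGuid } | Format-List

if ($TestHost) {
    # Don't-fragment echo whose IP packet is exactly $Mtu bytes:
    # payload = MTU - 20 (IP header) - 8 (ICMP header).
    ping.exe -f -n 2 -l ($Mtu - 28) $TestHost
}
```

If the don't-fragment ping fails at the chosen size, lower `Mtu` and probe again until it succeeds; that size is the "maximum workable MTU" the post refers to.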