TOPIC: How MTU Size Affects Windows Login

How MTU Size Affects Windows Login 6 years 10 months ago #33320

  • skepticals
Long story short.

Why would having a small MTU size make logging into Windows take 10 min?

I had a point-to-point link from a provider that did not have jumbo frames enabled when using QinQ tunneling and it made logging into Windows take 10 min, but the overall speed wasn't bad. Once jumbo frames had been enabled everything was really fast.

Does it have to do with fragmenting the authentication frames or something?

Re: How MTU Size Affects Windows Login 6 years 10 months ago #33323

  • KiLLaBeE
Possibly. This may shed some light: support.microsoft.com/kb/244474

The article basically says that the Kerberos protocol initially tries to use UDP for authentication. The issue that seems to be occurring in your situation is that when the UDP packets from Kerberos are sent over the tunnel, they are fragmented (because of the small MTU). When they are fragmented, they are lost (due to UDP's connectionless nature) and as a result this greatly delays the authentication process for Windows.

The article suggests changing a registry key on the client computer for it to use TCP for Kerberos as this would overcome the issue presented by fragmentation.

I've had issues like this with VPN clients, and this solution has beautifully resolved those problems.
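
The check and registry change described in this reply, as an added PowerShell example that is not part of the original thread: it probes the path MTU to a domain controller with Don't Fragment pings, reads the Kerberos `MaxPacketSize` value that KB244474 documents, and optionally sets it to 1 to force TCP. The hostname `dc01.example.test`, the function names and the `$ForceTcp` switch are assumptions.

```powershell
# Added example; names marked "assumption" are not from the thread.
$DomainController = 'dc01.example.test'  # assumption: placeholder DC hostname
$ForceTcp = $false                       # assumption: set $true to apply the fix
$KerbParams = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Test-DfPing {
    # True when one echo with $Payload data bytes and Don't Fragment set
    # ("-f") is answered; ping.exe prints "TTL=" only for a real reply.
    param([string]$Target, [int]$Payload)
    $out = & ping.exe -n 1 -w 1000 -f -l $Payload $Target 2>&1 | Out-String
    return ($out -match 'TTL=')
}

function Get-PathMtu {
    # Binary search for the largest unfragmented payload, then add the
    # 20-byte IPv4 header and 8-byte ICMP header to get the path MTU.
    param([string]$Target, [int]$Low = 500, [int]$High = 1472)
    if (-not (Test-DfPing $Target $Low)) { return $null }  # no reply at all
    while ($Low -lt $High) {
        $mid = $Low + (($High - $Low + 1) -shr 1)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low + 28
}

# MaxPacketSize is the largest Kerberos message sent over UDP; KB244474
# sets it to 1 so that every Kerberos message uses TCP instead.
$current = (Get-ItemProperty -Path $KerbParams -Name MaxPacketSize `
            -ErrorAction SilentlyContinue).MaxPacketSize
$mtu = Get-PathMtu $DomainController
$shown = if ($null -eq $current) { 'not set' } else { $current }
"Path MTU to ${DomainController}: $mtu bytes; MaxPacketSize: $shown"

if ($ForceTcp) {
    # Needs an elevated session; KB244474 calls for a restart afterwards.
    if (-not (Test-Path $KerbParams)) { New-Item -Path $KerbParams -Force | Out-Null }
    New-ItemProperty -Path $KerbParams -Name MaxPacketSize `
        -PropertyType DWord -Value 1 -Force | Out-Null
}
```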

Re: How MTU Size Affects Windows Login 6 years 10 months ago #33334

  • skepticals
Interesting article...

If the UDP packets are lost in transmission when they arrive out of order due to fragmentation, why does the server ever get logged in? Does the server simply try over and over until the fragmented packets happen to arrive in order?

Re: How MTU Size Affects Windows Login 6 years 10 months ago #33345

  • KiLLaBeE
I suspect either that or the Kerberos protocol has built-in capabilities to resend packets that it receives no acknowledgement on... not sure. I glanced at the Kerberos RFC and saw some areas where it indicates that clients must resend requests.

Re: How MTU Size Affects Windows Login 6 years 10 months ago #33348

  • skepticals
I'm just wondering why the low MTU makes the login take 10 minutes, but it eventually works. Or does it not work and it is only using cached credentials, and that is the timeout?

Re: How MTU Size Affects Windows Login 6 years 10 months ago #33351

  • S0lo
Interesting talk.
"Or does it not work and it is only using cached credentials, and that is the timeout?"

You could try to temporarily disable caching of roaming profiles through local group policy. I believe this way it will not login using the cached credentials, so you will know then.

Anyone, correct me if I'm wrong.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx