RESOLUTION

To correct this problem, install the fix mentioned below.

PMTU Discovery Overview

Windows NT 3.5 and 3.51 use PMTU discovery as described in RFC1191. When a connection is established, the two hosts involved exchange their TCP maximum segment size (MSS) values. The smaller of the two MSS values is used for the connection. The MSS for a system is usually the MTU (Maximum Transfer Unit) at the link layer minus 40 bytes for the IP and TCP headers.

When TCP segments are destined to a non-local network, the Don't Fragment bit is set in the IP header. Any router or media along the path may have an MTU that differs from that of the two hosts. If a media is encountered with an MTU that is too small for the IP datagram being routed, the router will attempt to fragment the datagram accordingly. Upon attempting to do so, it will find that the Don't Fragment bit in the IP header is set. At this point, the router should inform the sending host with an ICMP destination unreachable message that the datagram can't be forwarded further without fragmentation.

Most routers will also specify the MTU that is allowed for the next hop by putting the value for it in the low-order 16 bits of the ICMP header field that is labeled "unused" in the ICMP specification. See RFC1191, section 4, for the format of this message. Upon receiving this ICMP error message, TCP adjusts its MSS for the connection to the specified MTU minus the TCP and IP header size, so that any further packets sent on the connection will be no larger than the maximum size that can traverse the path without fragmentation.

Using The Largest Possible MTU For Each Path Optimizes Efficiency

PMTU discovery is enabled by default, but can be controlled by adding the following value to the registry:

When PMTU discovery is disabled, an MTU of 576 bytes is used for all non-local destination IP addresses. (The TCP MSS=536).

PMTU Black Hole Detection in Windows NT 3.5 and 3.51

A number of vendors sell routers and other intermediate devices that are not compliant. Instead of returning ICMP destination unreachable messages to the originating host, they may silently discard IP datagrams that are too large to be passed on to the next media in a path. These devices are referred to as "Black Hole Routers."

Windows NT 3.5 and 3.51 TCP/IP can be configured to attempt to discover these Black Hole Routers, and adapt the PMTU to be small enough to pass through them. A registry value can be added to enable PMTU Black Hole detection:

If this value is not present (default), then PMTU Black Hole detection is not enabled.

When PMTUBHDetect is enabled, after a TCP segment is retransmitted 1/2 of TCPMaxDataRetransmissions (another registry parameter, default=5) times without being acknowledged, the Don't Fragment bit will be cleared on the remainder of the retransmission attempts. If the segment is acknowledged as a result, the MSS will be decreased, and the Don't Fragment bit will be set in future IP datagrams sent on that connection.