The server has detected an attempted Denial-Of-Ser...

davidbarclay · ‎04-23-2007

Have you seen this before? There is a Microsoft support article over at:

http://support.microsoft.com/kb/898468

Increasing I come across this problem. Why? Well, I figured that out.

In the phyiscal world this scenario is unlikely unless it really is a DoS. However, if two VMs on the same phyiscal server transfer a high volume of files (some batch process for example) these symptoms present themself.

Technically it's an advantage - it means VMware vSwitching is so effiecient it is generating errors in Windows meant to protect the user from high volumes of I/O.

So, what do we do? We put HA affinity rules to keeps these VMs together (where possible), then increase the registry value discussed in the Microsoft article to a much higher number (don't go nutes, increase slowly over time until the problem goes away).

Enjoy!

Dave

masaki · ‎04-24-2007

This is a problem on destination.

Off course if you are using two vm instead of one you are doubling the number of connections.

"MaxMpxCt is the maximum number of concurrent outstanding network requests that are allowed. By default, this value is set to 50 in Windows Server 2003."

So you must double this value too to have the same behaviour.

davidbarclay · ‎04-25-2007

Actually, we found doubling is not even close to enough. We had to go to hundreds.

Dave

masaki · ‎04-26-2007

Well you have to syncronize the entire process.

An OS can manage only a certain number of connections; the remaining are queued.

the more long the queue (MaxCPt) the less performances you have.

so you should send an acceptable amount of request per minute.

I think this is the best thing to do.

But it's only my humble opinion.

davidbarclay · ‎04-26-2007

Agreed. This particular situation was controlled (i.e. a nightly batch process), so I'm not concerned. If the load was random and regular, increasing the limit by large numbers would only create a new problem after sustained transfers.

Like everything in IT, it depends on your own circumstances!

Dave

All

The server has detected an attempted Denial-Of-Service attack from...