Heard there are issues with AWE and Windows 2003 and SP1 for Windows fixes
it. Does anyone know more or a KB article ?I am not sure, but we are currently experinceing performance issues
since going to SP1. See my post in this group, Too Much RAM SQL Server
2000?|||Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one just
hit us pretty good:
http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
Darian Miller
"Hassan" <fatima_ja@.hotmail.com> wrote in message
news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> Heard there are issues with AWE and Windows 2003 and SP1 for Windows fixes
> it. Does anyone know more or a KB article ?
>|||Hi
Darian, how busy was your SQL Server to have this problem?
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Darian Miller" <darianmiller@.online.nospam> wrote in message
news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
> Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one
> just
> hit us pretty good:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
> Darian Miller
>
> "Hassan" <fatima_ja@.hotmail.com> wrote in message
> news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
>> Heard there are issues with AWE and Windows 2003 and SP1 for Windows
>> fixes
>> it. Does anyone know more or a KB article ?
>>
>|||We're still documenting the deal, but the 'security feature' actually seems
to cause a lot of increased traffic due to the many retry attempts. (We're
in the 3-500 batch requests/second range normally.)
Basically it appears that the client makes a successful connection to the
server and the connection is immediately forcibly dropped by the server
causing "General Network Error" on DBNETLIB ConnectionWrite (send())
The errors were coming in what we thought was fairly randomly but apparently
was based on peak levels set by this security feature. If the server thinks
the source is attempting a denial of service attack then it decides to drop
the network traffic, without notice of any kind (no event logging.) What I
would think it should do is if it thinks a source is attempting a denial of
service, then it should block all packets from the source, not just a few of
the peak ones, and it should document that it has automatically stepped in
to "save the day"... Much more difficult to track down they way it is
currently implemented. We were on the phone with Microsoft for over 8 hours
over the past two days on this particular problem and they didn't come
across the solution - we had to find it and tell them about it.
If you have SQL Server on a Windows 2003 Server with SP1, then I'd suggest
setting the registry setting referenced in the knowledge based article,
especially since it's highly likely that your SQL Server is protected from
outside connections to begin with.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Add DWORD: SynAttackProtect, value 0
I'm mainly just venting...but it's ludicrous to have this sort of 'feature'
implemented the way it is. Security needs to be a focus, but goodness sakes
you need to have some common sense about it. What's the point of dropping
'some' packets if it's a suspected DOS attack? They might have their
reasons, but there is no reason to not have a log entry stating that they
intentionally dropped network traffic. A simple "Suspected
denial-of-service attack detected, taking corrective action" would have
saved many hours of work.
Time for a drink! :)
Darian Miller
darian
@.
darianmiller
.com
"Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
news:%23EMfUSHbFHA.720@.TK2MSFTNGP15.phx.gbl...
> Hi
> Darian, how busy was your SQL Server to have this problem?
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "Darian Miller" <darianmiller@.online.nospam> wrote in message
> news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
> > Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one
> > just
> > hit us pretty good:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
> >
> > Darian Miller
> >
> >
> > "Hassan" <fatima_ja@.hotmail.com> wrote in message
> > news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> >> Heard there are issues with AWE and Windows 2003 and SP1 for Windows
> >> fixes
> >> it. Does anyone know more or a KB article ?
> >>
> >>
> >
> >
>|||Here are a few:
http://support.microsoft.com/default.aspx?scid=kb;en-us;895575
http://support.microsoft.com/default.aspx?scid=kb;en-us;838765
Adrian
"Hassan" <fatima_ja@.hotmail.com> wrote in message
news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> Heard there are issues with AWE and Windows 2003 and SP1 for Windows fixes
> it. Does anyone know more or a KB article ?
>|||Hi
Very interesting. Thanks for sharing this, I think you have saved many
people a lot of time.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Darian Miller" <darianmiller@.online.nospam> wrote in message
news:%23A65roHbFHA.3040@.TK2MSFTNGP14.phx.gbl...
> We're still documenting the deal, but the 'security feature' actually
> seems
> to cause a lot of increased traffic due to the many retry attempts.
> (We're
> in the 3-500 batch requests/second range normally.)
> Basically it appears that the client makes a successful connection to the
> server and the connection is immediately forcibly dropped by the server
> causing "General Network Error" on DBNETLIB ConnectionWrite (send())
> The errors were coming in what we thought was fairly randomly but
> apparently
> was based on peak levels set by this security feature. If the server
> thinks
> the source is attempting a denial of service attack then it decides to
> drop
> the network traffic, without notice of any kind (no event logging.) What
> I
> would think it should do is if it thinks a source is attempting a denial
> of
> service, then it should block all packets from the source, not just a few
> of
> the peak ones, and it should document that it has automatically stepped in
> to "save the day"... Much more difficult to track down they way it is
> currently implemented. We were on the phone with Microsoft for over 8
> hours
> over the past two days on this particular problem and they didn't come
> across the solution - we had to find it and tell them about it.
> If you have SQL Server on a Windows 2003 Server with SP1, then I'd suggest
> setting the registry setting referenced in the knowledge based article,
> especially since it's highly likely that your SQL Server is protected from
> outside connections to begin with.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> Add DWORD: SynAttackProtect, value 0
> I'm mainly just venting...but it's ludicrous to have this sort of
> 'feature'
> implemented the way it is. Security needs to be a focus, but goodness
> sakes
> you need to have some common sense about it. What's the point of dropping
> 'some' packets if it's a suspected DOS attack? They might have their
> reasons, but there is no reason to not have a log entry stating that they
> intentionally dropped network traffic. A simple "Suspected
> denial-of-service attack detected, taking corrective action" would have
> saved many hours of work.
> Time for a drink! :)
> Darian Miller
>
> darian
> @.
> darianmiller
> .com
> "Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
> news:%23EMfUSHbFHA.720@.TK2MSFTNGP15.phx.gbl...
>> Hi
>> Darian, how busy was your SQL Server to have this problem?
>> Regards
>> --
>> Mike Epprecht, Microsoft SQL Server MVP
>> Zurich, Switzerland
>> IM: mike@.epprecht.net
>> MVP Program: http://www.microsoft.com/mvp
>> Blog: http://www.msmvps.com/epprecht/
>> "Darian Miller" <darianmiller@.online.nospam> wrote in message
>> news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
>> > Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one
>> > just
>> > hit us pretty good:
>> > http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
>> >
>> > Darian Miller
>> >
>> >
>> > "Hassan" <fatima_ja@.hotmail.com> wrote in message
>> > news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
>> >> Heard there are issues with AWE and Windows 2003 and SP1 for Windows
>> >> fixes
>> >> it. Does anyone know more or a KB article ?
>> >>
>> >>
>> >
>> >
>>
>|||"Darian Miller" <darianmiller@.online.nospam> wrote in message
news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
> Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one
just
> hit us pretty good:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
Thanks for that tip. We have a high-volume SQL instance where we're seeing
behavior similar to what the KB article describes. We're not running with
any OS service pack, but we do apply the monthly patches. I wonder if the
DOS-preventing "security feature" has been included in any of those.|||Yes, I believe it has been included in a security fix. If you've seen these
messages, apply the registry setting and they go away immediately after a
restart.
"Karen Collins" <kcollins5@.tampabay.rr.com> wrote in message
news:eL3p4TNbFHA.3040@.TK2MSFTNGP14.phx.gbl...
> "Darian Miller" <darianmiller@.online.nospam> wrote in message
> news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
> > Note: watch out with Windows 2003 SP1 and a busy SQL Server...this one
> just
> > hit us pretty good:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
>
> Thanks for that tip. We have a high-volume SQL instance where we're
seeing
> behavior similar to what the KB article describes. We're not running with
> any OS service pack, but we do apply the monthly patches. I wonder if the
> DOS-preventing "security feature" has been included in any of those.
>|||I hope so!
Darian
"Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
news:ehVr8SLbFHA.2124@.TK2MSFTNGP14.phx.gbl...
> Hi
> Very interesting. Thanks for sharing this, I think you have saved many
> people a lot of time.
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "Darian Miller" <darianmiller@.online.nospam> wrote in message
> news:%23A65roHbFHA.3040@.TK2MSFTNGP14.phx.gbl...
> > We're still documenting the deal, but the 'security feature' actually
> > seems
> > to cause a lot of increased traffic due to the many retry attempts.
> > (We're
> > in the 3-500 batch requests/second range normally.)
> >
> > Basically it appears that the client makes a successful connection to
the
> > server and the connection is immediately forcibly dropped by the server
> > causing "General Network Error" on DBNETLIB ConnectionWrite (send())
> >
> > The errors were coming in what we thought was fairly randomly but
> > apparently
> > was based on peak levels set by this security feature. If the server
> > thinks
> > the source is attempting a denial of service attack then it decides to
> > drop
> > the network traffic, without notice of any kind (no event logging.)
What
> > I
> > would think it should do is if it thinks a source is attempting a denial
> > of
> > service, then it should block all packets from the source, not just a
few
> > of
> > the peak ones, and it should document that it has automatically stepped
in
> > to "save the day"... Much more difficult to track down they way it is
> > currently implemented. We were on the phone with Microsoft for over 8
> > hours
> > over the past two days on this particular problem and they didn't come
> > across the solution - we had to find it and tell them about it.
> >
> > If you have SQL Server on a Windows 2003 Server with SP1, then I'd
suggest
> > setting the registry setting referenced in the knowledge based article,
> > especially since it's highly likely that your SQL Server is protected
from
> > outside connections to begin with.
> >
> > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> > Add DWORD: SynAttackProtect, value 0
> >
> > I'm mainly just venting...but it's ludicrous to have this sort of
> > 'feature'
> > implemented the way it is. Security needs to be a focus, but goodness
> > sakes
> > you need to have some common sense about it. What's the point of
dropping
> > 'some' packets if it's a suspected DOS attack? They might have their
> > reasons, but there is no reason to not have a log entry stating that
they
> > intentionally dropped network traffic. A simple "Suspected
> > denial-of-service attack detected, taking corrective action" would have
> > saved many hours of work.
> >
> > Time for a drink! :)
> >
> > Darian Miller
> >
> >
> >
> > darian
> > @.
> > darianmiller
> > .com
> >
> > "Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
> > news:%23EMfUSHbFHA.720@.TK2MSFTNGP15.phx.gbl...
> >> Hi
> >>
> >> Darian, how busy was your SQL Server to have this problem?
> >>
> >> Regards
> >> --
> >> Mike Epprecht, Microsoft SQL Server MVP
> >> Zurich, Switzerland
> >>
> >> IM: mike@.epprecht.net
> >>
> >> MVP Program: http://www.microsoft.com/mvp
> >>
> >> Blog: http://www.msmvps.com/epprecht/
> >>
> >> "Darian Miller" <darianmiller@.online.nospam> wrote in message
> >> news:elshGJHbFHA.3848@.TK2MSFTNGP10.phx.gbl...
> >> > Note: watch out with Windows 2003 SP1 and a busy SQL Server...this
one
> >> > just
> >> > hit us pretty good:
> >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;899599
> >> >
> >> > Darian Miller
> >> >
> >> >
> >> > "Hassan" <fatima_ja@.hotmail.com> wrote in message
> >> > news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> >> >> Heard there are issues with AWE and Windows 2003 and SP1 for Windows
> >> >> fixes
> >> >> it. Does anyone know more or a KB article ?
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>|||So with all these issues with Win2K3, what does MS have to say ? Do
companies move forward on Win2K3 ?
"Adrian Zajkeskovic" <azajkeskovic@.hotmail.com> wrote in message
news:MNednY37e_KSPTrfRVn-1A@.rogers.com...
> Here are a few:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;895575
> http://support.microsoft.com/default.aspx?scid=kb;en-us;838765
> Adrian
>
> "Hassan" <fatima_ja@.hotmail.com> wrote in message
> news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> > Heard there are issues with AWE and Windows 2003 and SP1 for Windows
fixes
> > it. Does anyone know more or a KB article ?
> >
> >
>|||Actually, a PAE fix for Win2K3 has also been released as part of a Security
Hotfix Critical Update:
Microsoft Security Bulletin MS04-032
Security Update for Microsoft Windows (840987)
http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx
Sincerely,
Anthony Thomas
--
"Hassan" <fatima_ja@.hotmail.com> wrote in message
news:OuOCc4VbFHA.2420@.TK2MSFTNGP15.phx.gbl...
So with all these issues with Win2K3, what does MS have to say ? Do
companies move forward on Win2K3 ?
"Adrian Zajkeskovic" <azajkeskovic@.hotmail.com> wrote in message
news:MNednY37e_KSPTrfRVn-1A@.rogers.com...
> Here are a few:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;895575
> http://support.microsoft.com/default.aspx?scid=kb;en-us;838765
> Adrian
>
> "Hassan" <fatima_ja@.hotmail.com> wrote in message
> news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
> > Heard there are issues with AWE and Windows 2003 and SP1 for Windows
fixes
> > it. Does anyone know more or a KB article ?
> >
> >
>|||The issues with w2k3 at very small compared to NT 4.0 and w2k.
We found that most of the 'issues' with w2k3 are NT 4.0 MCSE's not
understanding security.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Hassan" <fatima_ja@.hotmail.com> wrote in message
news:OuOCc4VbFHA.2420@.TK2MSFTNGP15.phx.gbl...
> So with all these issues with Win2K3, what does MS have to say ? Do
> companies move forward on Win2K3 ?
> "Adrian Zajkeskovic" <azajkeskovic@.hotmail.com> wrote in message
> news:MNednY37e_KSPTrfRVn-1A@.rogers.com...
>> Here are a few:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;895575
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;838765
>> Adrian
>>
>> "Hassan" <fatima_ja@.hotmail.com> wrote in message
>> news:%23pWXnzFbFHA.1660@.tk2msftngp13.phx.gbl...
>> > Heard there are issues with AWE and Windows 2003 and SP1 for Windows
> fixes
>> > it. Does anyone know more or a KB article ?
>> >
>> >
>>
>
没有评论:
发表评论