Vault Client Can't Connect Through Some Routers (MTU)

A collection of information about Vault, including solutions to common problems.

Moderator: SourceGear

Post Reply
sterwill
Posts: 256
Joined: Thu Nov 06, 2003 10:01 am
Location: SourceGear

Vault Client Can't Connect Through Some Routers (MTU)

Post by sterwill » Thu Jan 15, 2004 9:47 am

Some DSL/cable/ISDN/satellite routers have problems with packet fragmentation when the MTU size of a packet is greater than 1492 bytes. Windows servers (including ones running Vault web services) will default to an MTU size of 1500 bytes. If an affected router is used between the client and server machines, and the server is unable to send and receive ICMP messages, the Vault client may be unable to login to the Vault server. The client-side symptom is the message: "Unable to connect to http://server/VaultService. No server was found at the specified URL."

Here's how the problem happens:

The router on the client end sends an HTTP request over TCP/IP (the Vault login) to the web server, which responds with 1500 byte packets. 1500 is bigger than the router is configured to accept, so it sends back an ICMP packet that tells the web server to start sending smaller packets (1492 bytes). Since the web server never sees the ICMP message, it continues sending 1500 byte packets that the router discards.

Possible fixes include:
  • Configure your router to accept 1500 byte MTU sizes and/or defragment packets
  • Configure your server and any firewalls to allow the correct ICMP traffic to and from your server
Cisco has an article describing the affects of MTU settings on some of their routers. The article describes PPPoE, but the symptoms are similar for HTTP.

It's also possible for the issue to be solely on the Windows client. Use netsh to change the MTU and reboot the client.
Shaw Terwilliger
SourceGear LLC
`echo sterwill5sourcegear6com | tr 56 @.`

Post Reply