Vista issues

Ripley

I am having problems with two Windows Vista machines that we just received.  I have about 25 XP machines and about the same number of IP phones working currently.  When I connect the Vista machine it gets an IP address and it can see other machines on the internal network.  However, I can't ping or browse to anything outside the network.  I searched the forum already and have tried the suggestion of turning on UPnP and the following command line commands:

netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global rss=disabled

No luck.  I also edited the registry on one to complete disable IPv6.  Still nothing.  I am going to install XP on one of the machines tonight, which I assume will correct the issue.  But that isn't a great long term solution.  Any other ideas or suggestions to get them working would be great.

Cry Havok

I'm posting this from a Vista host behind a pfSense 1.2 release host.  It connects to and pings hosts outside the LAN just fine.  Have you checked that the default gateway is correctly set?

Ripley

Yeah the gateway is set properly.  I even tried setting the IP, DNS, and Gateway by hand.  Still no luck.  When I did that I lost the ability to ping the gateway.  However occasionally when trying to ping the gateway with a static set IP I would get a response from the external DNS stating that the host was unreachable (which it would be since its a 192.168.1.* address).

Ripley

I came across this in my searching:

http://8help.osu.edu/3253.html

Vista: TCP window scaling not compatible with some network hardware.

There is an incompatibility between Microsoft Windows Vista and some network equipment. Equipment possibly affected includes: Routers, VPN Endpoints, and Firewalls that use Stateful Packet Inspection (SPI).

Among most commercial firewalls that utilize Stateful Packet Inspection, the OSU Fire Marshall is one that is affected by this issue.

The problem has to do with the TCP window resizing feature in Vista and Stateful Packet Inspection. Possible symptoms exhibited include:

* Web traffic works OK
    * Email through client software sends but will not receive or times out when downloading messages (POP or IMAP)
    * Slow or no network file server access.
    * Other random network timeouts or connectivity problems.
    * Slowness or freezing in web browsing or other applications including VPN connections.

To disable TCP Windows Scaling In Vista:

1. Note: This command MUST be run as administrator
  2. Locate the Command Prompt icon/executable file under Start->Accessories
  3. Right-click on the icon and select "Run as administrator"
  4. Type:

netsh interface tcp set global autotuninglevel=disabled

5. Reboot the computer.

To verify the settings on the workstation, use the command:

netsh interface tcp show global

The results of this command should be:

TCP Global Parameters

---

Receive-Side Scaling State                : enabled
Chimney Offload State                      : enabled
Receive Window Auto-Tuning Level          : disabled
Add-On Congestion Control Provider        : ctcp
ECN Capability                            : disabled
RFC 1323 Timestamps                        : disabled

To enable TCP Windows Scaling In Vista:

1. Note: This command MUST be run as administrator
  2. Locate the Command Prompt icon/executable file under Start->Accessories
  3. Right-click on the icon and select "Run as administrator"
  4. Type:

netsh interface tcp set global autotuninglevel=normal

5. Reboot the computer.

I am correct that pfSense does stateful inspection right?  So this could be an issue.  I am not at the machine now to test but I will try it this evening and let you know what happens.  If anyone has any other ideas about what might be causing this though I am still open to suggestions.

hoba

Yes, pfSense does SPI. I haven't had issues with Vista clients behind pfSense yet but if this is the case it's just another reason to avoid vista for me (which I already do as much as I can).

Ripley

I also found this:

http://support.microsoft.com/kb/934430/en-us

The real problem here for me is at some point I am going to need to make this work.  And right now I have no idea how to do so.  I have a temporary solution for the one machine, switching to XP, but I would like to make Vista work.

hoba

Are you sure DNS is working ok? I have seen some strange issues with DNS if IPv6 is enabled. Firefox for example has a setting in about:config to turn IPv6 resolution off and there is even a bugreport at mozilla.org regarding IPv6 ( http://kb.mozillazine.org/Network.dns.disableIPv6 ) that recdommends turning it off. I had a vista notebook lately that had issues with this as well (incredibly slow dns lookups, often timeouts when resolving). However disabling IPv6 completely as protocol solved it for me.

GruensFroeschli

I've seen the same. Extremly slow DNS resolving.
But on a Windows XP machine with IPv6 installed.
I dont really remember what exactly i did because i just fiddeled with the config around (adding static DNS entries to OpenDNS for ALL interfaces, even the ones that are inactive (WLAN), disabling/enabling IPv6) until it worked.

Ripley

It appears that DNS is working fine.  I have 25 other machines on the same network, plus an equal number of IP phones that connect to an outside company that all work fine.  No DNS problems.  What other way is there to test specifically for DNS problems?  Also, is there a way to change the MTU size?  According to this http://ask.slashdot.org/article.pl?sid=07/01/05/0053231 that may be another way to resolve this.

hoba

The other 25 machines and the voipphones are not vista and probably don't even have IPv6 enabled, right?  ;)
This is definately some kind of odd vista issue as everything else is working fine. I also have seen some pretty strange prebundled software on some oem-setups that cause me a lot of headache with voip. Things started working when I removed all that crap that noone needs. I think it was something bundled with dell pcs called "trustmanager" or similiar iirc. You also might use spybot search and destroy to check what's in the tcp/ip stack of that machine. That's how I found that trustmanager that had itself linked in there and caused all the pain.

Ripley

So no go.  Nothing I have tried works.  I am at a complete loss.  I would love some other ideas/suggestions/anything.  I have already updated to the most recent pfSense.  I have tried turning off IPv6.  I have tried disabling the tunnel sizing.  I checked for anything that may have been installed by Dell, of which I found none.  I couldn't install Spybot because it needed to down load files from the internet.  I need a work around or something.  I am open for any suggestions.

jahonix

Let's try to nail this down!

We happen to be a Microsoft Partner and as such, just received a Windows Vista Business with SP1 DVD (32bit) (and 10 licenses).
I installed it to a spare machine yesterday and and it worked flawlessly out of the box.
With pfSense 1.2Release and DHCP to the host. I have not added this PC to our domain, though.

Which Vista flavour did you install?

Kris.J

I run Vista Ultimate 64-bit behind pfSense with zero troubles.
I've been running Vista U. x64 for over a year now, and it's been wonderful.  :)

Let's start with the basics:
Are your Vista installations fully patched?
There are several updates that affect networking on a Vista installation.
If you have not done so, you need to run Windows Update repeatedly until you get every single update offered - up to and including Vista Service Pack 1.

Edit:
Obiviously, you're going to need to put the Vista box somewhere not behind pfSense so it can get to the Internet and do it's thing.  ;)

Ripley

I am using Vista Business, what it came with, and I installed SP1 last night on it.  I will try and check for additional updates today.

Ripley

So I think I finally found the cause, crappy NIC drivers.  I loaded up XP on the box to test it.  Downloaded Dell's drivers and lo and behold, the same problem.  No DNS.  So after some digging I tracked down the driver from Intel's site and installed it.  Voila!  Works like a charm.  Unfortunately the same is not true under Vista.  Even with the Intel driver it still won't work.  So for now the user is stuck with XP, not that I think that's a bad thing, I still don't like Vista.  But it looks the like the whole issue is related to crappy Dell drivers.  They didn't even have the correct video card driver for the machine!  So for future reference Dell driver's suck!  Also, thanks for all the input.

cybrsrfr

In my mind a downgrade to XP from Vista is an upgrade. Same CPU will give you twice the performance on XP than Vista.

jahonix

If you add all this fancy stuff that keeps you from being productive and the time for searching for formerly well known functions the count goes up!  ::)

hoba

It took me less time to get used to osx than to get used to vista. For home use I already replaced my workstation and my notebook with apple stuff. Much less pain, it simply works and is much faster than vista.