Timeouts, Crashes and IP Binding Issues Caused by Server Hardware

This article applies to recent versions of SmarterMail. View articles for SmarterMail 15.x and earlier.

This article applies to you if the SmarterMail server is experiencing unexplainable behaviors such as:

  • MailService.exe crashing
  • Slow POP or SMTP connections
  • POP or SMTP timing out
  • MailService.exe is unable to bind to specific IP’s

There is a high probability that all of these symptoms can be attributed to issues relating to the server’s NIC. If the server is using any of the GigaBit class NICs, there is a feature that has been widely adopted called TCP Offload Engine.

Many Gigabit class network adapters have this "ChecksumOffload" feature enabled by default. When this is enabled, the adapter performs the time-consuming process of calculating the checksum which appears in both the IP header and in the TCP header of a packet.

One example of an issue with the “Offload TCP/IP Checksum” function is excessively slow connections and a tendency to timeout. But, a connection to the same account can be completed on the physical server without experiencing problems. This issue has also been encountered when running SSL or TLS connections./p>

If you run a packet sniffer software package, such as Wireshark or Ethereal, you will notice that there are an excessive amount of Checksum Errors. This is due to the NIC handling the Checksum verification and not the TCP/IP Stack.

Checksum offloading can be disabled for most adapters through the windows device manager:

  1. Open Windows Control Panel.
  2. Select Device Manager.
  3. Open the Network adapters tree node.
  4. Select properties on the appropriate network adapter.
  5. Select the Advanced tab.
  6. Disable any checksum offload properties.

In order to disable the Broadcom TCP checksum offloading, you will need to make the following registry edit:

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  2. Click Edit, point to New, and then click DWORD Value.
  3. Type DisableTaskOffload as the entry name, and then press ENTER.
  4. Right-click DisableTaskOffload, and then click Modify.
  5. In the Value data box, type a value of 1, and then click OK.

Here are some of the known affected Gigabit NICs:

  • Dual embedded Broadcom® NetXtreme IITM 5708 Gigabit2 Ethernet NIC with fail-over and load balancing
  • Realtek RTL8169/8110 Gigabit NIC
  • nVIDIA nForce NICs

Some example servers that utilize this NIC:

  • Dell PowerEdge 1950 / 2950 / Storage Server 2900
 
Learn more about SmarterMail's enterprise email features and benefits.

Feedback

Add Feedback
I just migrated my Windows Server 2003 SmarterMail 13.5 installation to an upgraded machine running Windows Server 2011 Essentials with a "Realtek PCIe GBE Family Controller" listed in the Device Manager. Users are now unable to connect with SSL and TLS. The NIC has the following:

ARP Offload (Enabled)
IPv4 Checksum Offload (Rx & Tx Enabled) (I disabled it)
Large Send Offload v2 (IPv4) (Enabled)
Large Send Offload v2 (IPv6) (Enabled)
NS Offload (Enabled)
TCP Checksum Offload (IPv4) (Rx & Tx Enabled) (I disabled it)
TCP Checksum Offload (IPv6) (Rx & Tx Enabled) (I disabled it)
UDP Checksum Offload (IPv4) (Rx & Tx Enabled) (I disabled it)
UDP Checksum Offload (IPv6) (Rx & Tx Enabled) (I disabled it)

After disabling what I thought was appropriate to disable users are still unable to connect via SSL or TLS. Any ideas would be welcomed.

CharlesWorks (August 9, 2015 at 7:47 PM)

Add Feedback