Windows 7 pro ipsec problem
I have windows 2000 domain. Ipsec is configured to protect traffic on port of microsoft sql server (1433). Also, we have .net 2.0 application, and we use ADO to connect to microsoft sql server 2005. Everything works ok in windows 2000/xp. But in windows 7 we have very slow responses from sql - server when using direct sql-queries. That's not the problem of the server. When I turn off ipsec-policy, which requires security with kerberos authentication, on server side, everything works well. Ipsec-policy is provided through group policy to the clients and the policy is 'request security' ipsec diagnostic tool does not show anything useful. Sniffer also, because sql-queries are packed into ipsec. Another application, which uses odbc and written in visual c, works fine. I need any help with this issue. It seems that windows 7 ipsec does not work properly. Or may be it is trouble of .net 2.0? Network card drivers are the latest. Have not installed windows 7 sp1 beta, because my windows 7 is russian.
September 13th, 2010 11:25am

Hi, Please check the policy applied on the Windows 7 client: Run the following command: netsh ipsec static exportpolicy X:\Y.ipsec X=path or drive name Y=file name Netsh Commands for Internet Protocol Security (IPsec) http://technet.microsoft.com/en-us/library/cc739550(WS.10).aspx Regards, Sabrina Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2010 5:55am

We are trying to resolve problem ourselves. And we performed some tests. Here is he result. We've got windows 7 with microsoft sql 2005 management studio installed (client tools). And when we try to execute the same sql-statement through the studio several times, each time the response time from the server INCREASES. But when we turn on showing "execution plan" there is no delays. That's strange. However, no problems in xp/2000. Have not tried in Vista, because does not have any. MS sql 2005 x64 used. sp3 installed. Ipsec disabling on server side resolves the problem. I will be able to show the result of netsh query on 20 of september. I know about the problem with llmnr protocol, but it is not in my case, llmnr is turned off and fqdn is used in connection string. On the other hand, ipsec-policy IS applied, because windows 7 host can connect to ms sql 2005 with "ipsec require security" server, but queries run very slow.. Thanks for the reply. Best regards, Eugene.
September 17th, 2010 5:55am

Don't know how to attach file to the post. Here is the link to download the file with ipsec-policy: http://rapidshare.com/files/420071660/my.zip
Free Windows Admin Tool Kit Click here and download it now
September 19th, 2010 11:28pm

Do you have any ideas on the case? How to speed up queries in windows 7 without turning off ipsec?
September 24th, 2010 9:01am

Resolved the problem. Our experiments leaded to the fact that with ipsec enabled in windows 7 the problem exists only when length of query batch is more than 696 symbols (2-byte words). Which lead us to MTU problem. Experiments with MTU did not lead to the solution. But the problem was resolved by adding Packet size = 1400 into ms sql connection string. It seems that there is some microsoft bug in fragmenting ipsec packets.
Free Windows Admin Tool Kit Click here and download it now
June 7th, 2011 11:00pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics