Disabling Windows Server 2003 SP1 and SP2 Denial of Service Checking
|This topic is applicable only for Windows Server 2003.|
You should disable the Windows Server 2003 Service Pack 1 and Service Pack 2 denial of service checking. This is because under certain high-load scenarios, Windows Server 2003 SP1 and SP2 denial of service checking may incorrectly identify valid TCP/IP connections as a denial of service attack.
|You should disable this feature only in an intranet scenario when you are sure you will not suffer from actual denial of service attacks.|
Windows Server 2003 SP1 and SP2 implement a security feature that reduces the size of the queue for concurrent TCP/IP connections to the server. This feature helps prevent denial of service attacks. Under heavy load conditions, the TCP/IP protocol in Windows Server 2003 SP1 or later may incorrectly identify valid TCP/IP connections as a denial of service attack. This may occur when BizTalk Server is under heavy load.
For more information, see Microsoft Knowledge Base article 899599, "A BizTalk Server Host instance fails, and a 'General Network' error is written to the Application log when the BizTalk Server-based server processes a high volume of documents" at http://go.microsoft.com/fwlink/?LinkId=158860. Follow the instructions in this article to create the SynAttackProtect registry entry on computers running SQL Server that host BizTalk Server databases and on any computers running BizTalk Server that are running Windows Server 2003 SP1 or later.
In certain scenarios you may want to maintain denial of service protection but reduce how aggressively the denial of service functionality is applied. It is possible to tune the default behavior of the denial of service protection feature by following these steps:
Ensure that the SynAttackProtect registry entry is set to a REG_DWORD value of 1 as described at http://go.microsoft.com/fwlink/?LinkId=111477.
Configure the TcpMaxHalfOpen registry entry as described at http://go.microsoft.com/fwlink/?LinkId=111478.
Configure the TcpMaxHalfOpenRetried registry entry as described at http://go.microsoft.com/fwlink/?LinkId=111479.