Help with New fragment overlaps old data messages?

asked 2023-06-07 17:08:49 +0000

peyre

updated 2023-06-07 17:10:13 +0000

I've set up a new server for our Primavera (timekeeping) system. It runs just fine for about 10 hours, then is unable to authenticate with the domain controllers. We had it reboot at 6:30am, meaning sometime between 4:00 and 5:00 it will stop authenticating. We can have it reboot twice a day, but that's not a very good workaround, especially if anyone happens to want to sign into the system in the early morning hours when it will be down.

This part of our system is all Windows. It's a Server 2019 machine and the two DCs are Server 2022 Standard 21H2. Our system is virtualized, so both the DCs and the Primavera server are VMs running on Hyper-V. In fact, the Primavera machine is on the same physical hypervisor machine as the FSMO Master DC - so there shouldn't be a hardware or driver issue. I can't imagine why this would work for 10 hours or so, then simply stop accepting logins.

I ran Wireshark on the machine, and it's just full of the following error, over and over and over--starting around the time it went down, I think. Different ports, same error. I'd be glad to attach a copy of the log if I can figure out how.

[Reassembly error, protocol TCP: New fragment overlaps old data (retransmission?)]


I've compressed the log and uploaded it to my Dropbox account:

peyre ( 2023-06-07 17:20:16 +0000 )

When I open the file in Wireshark 4.0.6, I don't see any "Reassembly error, protocol TCP: New fragment overlaps old data".
I do see (fast) retransmissions and SACK in action.

Do you have "Reassemble out-of-order segments" enabled in the TCP preferences?

André ( 2023-06-09 16:59:37 +0000 )

I didn't! Does that mean this was a red herring? Maybe I should enable it and rerun?

peyre ( 2023-06-12 16:26:20 +0000 )