
For a few days now, the Windows 7 workstations on my network have been unable to connect to Windows Update. They are getting the infamous error 80072ee2. They are connected to a simple SOHO switch. The switch is connected to a Debian Wheezy box acting as a router. The router connects to a cable modem. The configuration hasn't changed in at least six months and was working normally until now. During debugging I discovered the following workarounds:

  1. If I connect one of the affected workstations directly to the cable modem, the problem disappears.

  2. If I lower the MTU on one of the affected workstations from 1500 to 1492, the problem disappears.

This leads me to believe the Linux router is somehow causing the issue. I ran Wireshark and got a dump of the client traffic while it is trying to contact Windows Update. You can find it here:

http://fernoflogic.com/~rob/mtu1500.pcapng

Strangeness starts at packet number 70. It is an ICMP type 3 code 4 "fragmentation needed" message sent by my router. It claims the next hop MTU is 1500, which should be correct. The packet it complains about is number 69. It is claimed to be 2960 bytes long. As far as I know, PMTUD should fix this. Several retransmits happen, but the client keeps getting ICMP 3:4 and eventually the connection is torn down.

I have tried to disable "Large Send Offload" (the Intel name for TSO), but that did not help. I do have the above-mentioned workarounds available, but I would like to understand why this is happening and find a proper fix if possible. I suspect it is a hardware or configuration problem on my end. The client I set up for testing is a clean install of Windows 7 SP 1 without any customizations.

Where do I go from here, what should I look for? Thanks!

Rob

1 Answer


Answering my own question: turning off "Generic Receive Offload" on the internal interface of the Linux router fixed my problem. For reference, this is done using ethtool -K eth1 gro off and can be persisted in several places including /etc/network/interfaces or /etc/rc.local, depending on your flavor of Linux. It seems GRO is going through some breakage at the moment: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754294

Rob
  • Thank you so much. The symptoms of this kernel bug are bizarre, and have been driving me insane for weeks. This question should not have been marked as off-topic. – Rob Fisher Aug 02 '14 at 22:19
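The ICMP "fragmentation needed" message described in the question can be checked mechanically. This is an added example, not part of the original question or answer: it parses a type 3 code 4 message and flags the case where the quoted datagram is larger than the sender's own MTU, so lowering the path MTU gives the sender nothing to act on. The sample bytes, addresses, ports, and the `build_sample` and `diagnose` names and labels are constructed for illustration.

```python
import struct

def parse_frag_needed(icmp: bytes):
    """Parse ICMP type 3 code 4 (RFC 1191 layout).

    Returns (next_hop_mtu, quoted_total_length, df_set), or None for other ICMP types.
    """
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IPv4 header")
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    # The router quotes the IPv4 header of the datagram it refused to forward.
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", icmp[8:16])
    if ver_ihl >> 4 != 4:
        raise ValueError("quoted packet is not IPv4")
    return next_hop_mtu, total_len, bool(flags_frag & 0x4000)

def diagnose(icmp: bytes, sender_mtu: int) -> str:
    """Heuristic classification (an assumption of this example, not a standard)."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return "not-frag-needed"
    next_hop_mtu, quoted_len, _df = parsed
    if quoted_len <= next_hop_mtu:
        return "inconsistent"          # router rejected a datagram that fits
    if next_hop_mtu < sender_mtu:
        return "normal-pmtud"          # sender can shrink its path MTU and retry
    # The router saw a datagram larger than the sender's MTU while advertising
    # an MTU the sender already honours: look at offloads (TSO/GRO) on the path.
    return "oversized-at-router"

def build_sample(next_hop_mtu: int, quoted_len: int) -> bytes:
    """Constructed message: checksums are zero and are not verified above."""
    icmp_hdr = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, quoted_len, 0x1234, 0x4000,
                         128, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp_first8 = struct.pack("!HHI", 49200, 443, 1)  # first 8 bytes of the TCP header
    return icmp_hdr + ip_hdr + tcp_first8

if __name__ == "__main__":
    # Values from the question: next-hop MTU 1500, quoted datagram 2960 bytes.
    print(diagnose(build_sample(1500, 2960), sender_mtu=1500))
```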