This article has been archived. It is offered "as is" and will no longer be updated.
Users who connect to a server experience delays in voice communications or in streaming video. This symptom occurs when you configure a server for one of the following purposes:
Voice Over Internet Protocol (VoIP) communications
This symptom occurs if the following conditions are true:
The server is a Microsoft Windows 2000-based computer.
You previously set the SynAttackProtect registry value on this server to 2.
However, if you set the SynAttackProtect registry value to zero (0), users no longer experience these delays.
Note For more information about the SynAttackProtect registry value, see the "More Information" section.
This problem occurs because the SynAttackProtect registry value is set to 2. Because of this setting, the following events occur:
A service requests the Type of Service (TOS) flag for an initial TCP connection.
Windows does not set the TOS flag on the initial TCP connection.
For example, consider the following scenario:
You use Server A for voice data or for streaming video.
You set the TOS flag to Critical in the IP header of every TCP packet that is sent from Server A.
A client computer sends a TCP SYN packet to Server A.
Server A tries to set the TOS flag to Critical on the ACK-SYN reply packet.
If the SynAttackProtect registry value is set to 2 on Server A, Server A incorrectly sets the TOS flag to Normal on the initial TCP ACK-SYN reply packet.
Note In this scenario, Server A should set the TOS flag to Critical on this initial TCP ACK-SYN packet.
Subsequent packets from Server A have the TOS flag set correctly to Critical.
In this scenario, if you have a congested network, users may experience delays in VOIP communications or in streaming video communications. This delay occurs because the TOS flag is incorrectly set on the initial TCP connection.
To resolve this problem, you must install security update 893066 on the computer.
Note Security update 893066 is described in security bulletin MS05-019. For more information about security bulletin MS05-019, click the following article number to view the article in the Microsoft Knowledge Base:
893066 MS05-019: Vulnerabilities in TCP/IP could allow remote code execution and denial of service
The SynAttackProtect registry value is located under the following registry subkey: