Right. No ICMP, no GP Processing. Check out my site as I
have a discussion on this. Go to http://www.gpoguy.com/faqs.htm and
search on "slow link".
Note that even restricted ICMP breaks GP processing. That
is, if you were to restrict ICMP packet size to something less than 2048 bytes,
GP processing will still break unless you modify the packet size that Windows
uses (see http://support.microsoft.com/default.aspx?scid=kb;en-us;816045).
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Friday, December 30, 2005 7:41 AM
To: [email protected]
Subject: RE: [ActiveDir] icmp's
You'll need to disable Slow Link Detection. You want
to do this before disabling ICMP since once it's disabled the clients won't be
able to process GPO's anymore (until Slow Link Detection is disabled). If
you've already disabled ICMP then you'll need some alternate method of changing
the Registry on the clients. Do a search at search.microsoft.com and
you'll get several hits that discuss this.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Friday, December 30, 2005 8:25 AM
To: activedirectory
Subject: [ActiveDir] icmp'sWhat affect would blocking icmp packets on all vlans have on win2k/xp client logons in a win2k forest?any?I know clients ping dc's to see which responds first and later ping dc's to determine round trip time for GPO processing, but would blocking icmp's have any adverse affects on clients?I only ask because my corp blocks icmp's on all our vlans and i get a lot of event id 1000 from Usernev with error code of 59 which when i looked up, refers to network connectivity issues. i think this event id is related to the fact we block icmp packets and i was wondering if thats something i should worry about in a win2k network.Thanks
