IPsec is not compatible with TCP offloading (called TCP Chimney Offload on the Windows Server platform) so if you’re using IPsec for domain or server isolation in a Windows Server environment then you will want to disable TCP offloading on both your network adapter properties and in the registry where TCP/IP parameters are stored.
There are two ways you can easily do this. First, you can yse the Netsh command at a command prompt like this:
netsh int tcp set global rss=disabled
netsh int tcp set global chimney=disabled
Alternatively, you use the REG ADD command to modify the registry like this:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v EnableTCPA /t REG_DWORD /d 0
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v NetDMA /t REG_DWORD /d 0
Mitch is a ten-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows Server and cloud computing technologies. For more information see http://www.mtit.com