Share via

How to Resolve ECN Negotiation Failure Between Windows( as client) and Linux ?

wei hua 0 Reputation points
2025-03-18T02:38:15.2966667+00:00

Enable ECN on a Windows 10 or Windows 11 operating system and make it to take effect:

netsh int tcp set global ecn=enabled

Then, access a Linux server with ECN enabled as a client on tcp, such as SSH or web service.

The Windows operating system sets the ECN in the IP header to '10' in the first packet and sets the ECE and CWR in the TCP SYN packet to 1.

However, the Linux server considers that the ECN in the SYN packet cannot be set to '10' but should be set to '00'. Therefore, the Linux server does not respond to the ECE in the SYN ACK packet, the ECN negotiation fails, the Linux server does not respond to the packet with the ECE value '1'.

This processing of linux server should comply with the RFC specification, which is described in RFC 3168: "6.1.1 A host MUST NOT set ECT on SYN or SYN-ACK packets.".

Tests show that some Linux operating systems, including ubuntu, euler, and suse, behave like this.

After ECN is enabled in Windows, is there any parameter to control whether the ECN of the SYN packet is not set to 10 in the first packet?

Or how i should do to make the ecn negotiate betweent windows( as client) and linux(as server) secceed?

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2025-03-20T07:33:50.45+00:00

    Hello,

    Thank you for posting in Microsoft Q&A.

    Based on the description, I understand your question is related to ECN Negotiation Failure Between Windows( as client) and Linux.

    First run below commands:

    netsh int tcp set global ecn=enabled

    There is no direct parameter in Windows to control the ECN bits in the SYN packet to avoid setting it to '10'.

    Tyr below command to disable ECN for Initial SYN Packets

    New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "InitialRto" -Value 3000 -PropertyType DWord

    Create a PowerShell script to dynamically adjust ECN settings based on the connection state.

    netsh int tcp set global ecn=disabled

    $connection = New-Object System.Net.Sockets.TcpClient("linux-server-ip", 22)

    netsh int tcp set global ecn=enabled

    Have a nice day.

    Best Regards,

    Molly

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.