
Troubleshooting CRC Errors on Fortinet FortiGate Firewalls – Intune CRC download error

Posted by admin on 28.11.2023

We just had a case where we explored in detail the CRC errors with Intune packets. A Win32 package of 300 MB failed for just one client. One client had a CRC error the same day while the others were just fine.

Here is how to check the local on-premises side, so you can be sure it is the M365 side that is suddenly failing.

Technical Tip: Troubleshooting CRC Errors in FortiGate 5.X, 6.X, and 7.X

Description: This guide outlines the steps to troubleshoot CRC errors, focusing on Layer-1 issues.

  • Check Physical Connectivity:
    • Change the cable connecting the affected ports.
    • Clear counters and disable/enable the ports.
    • Swap ports between switches, if possible.
  • Duplex Mismatch:
    • CRC errors and late collisions can result from a duplex mismatch.
    • Ensure both sides of the link have the same duplex configuration.
    • Check for auto-duplex and fixed (full-duplex) configurations.
  • Port Speed/Duplex Settings:
    • Verify port speed/duplex settings using CLI commands.
    • Address any duplex mismatch using the following commands:

     

    Change or set speed per port

    config system interface
    edit <interface-name>
    set speed <1000full/1000half/100full/100half/10full/10half/auto>
    end

     

  • NIC Commands:
    • Explore Network Interface Card (NIC) commands for further troubleshooting.
  • Interface Error Counters:
    • Use FortiGate interface error counters for additional insights.
  • Cable and SFP Replacement:
    • Replace the cable connected to the port.
    • If errors persist, replace the cable or SFP (if used) and re-run commands.
  • MTU Adjustment:
    • Change MTU on the interface:
      • GUI: Edit the interface, select override default MTU, and enter the new value.
      • CLI: see the config system interface commands for MTU further down this page.

     

    Find MTU size on Windows 10/11

  • Command Prompt:
    • Open the Command Prompt as an administrator.
    • Type the following command and press Enter:

     

    ping <destination_address> -f -l <packet_size>

    ping 8.8.8.8 -f -l 1500
    ping 8.8.8.8 -f -l 1490
    ping 8.8.8.8 -f -l 1480
    etc.

    If ping answers "Packet needs to be fragmented but DF set", the packet is too big for the MTU of the path it leaves on.

     

  • Replace <destination_address> with the target IP address and <packet_size> with a specific packet size.
  • Adjust Packet Size:
    • Start with a packet size of 1472 (default is 1472 bytes).
      • If the ping is successful, increase the packet size by 10 until you encounter fragmentation or failure. (Packet needs to be fragmented but DF set)
  • Identify Maximum Successful Size:
    • The maximum successful packet size without fragmentation is your MTU.
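
The manual ping steps above can be automated with a binary search. This is an added example, not part of the original post: find_path_mtu, windows_df_ping and simulated_path are hypothetical names. Because -l sets the ICMP payload size, the example reports the IP MTU as the largest passing payload plus 28 bytes of IPv4 and ICMP headers.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_ping(host, payload):
    """Send one echo with DF set and `payload` data bytes (Windows ping syntax)."""
    cmd = ["ping", host, "-f", "-l", str(payload), "-n", "1"]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return "TTL=" in out  # only a real echo reply line carries a TTL


def find_path_mtu(probe, low=548, high=8972):
    """Binary-search the largest payload that passes with DF set.

    `probe(payload)` returns True when the ping succeeded.
    Returns (largest_payload, ip_mtu).
    """
    if not probe(low):
        raise RuntimeError(f"payload {low} fails: host unreachable or ICMP filtered")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid fits, search above it
        else:
            high = mid - 1     # mid needs fragmentation, search below it
    return low, low + IP_ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a real path: passes payloads that fit in `mtu`."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Runs real pings on a Windows client; 8.8.8.8 is the target used on this page.
    print(find_path_mtu(lambda size: windows_df_ping("8.8.8.8", size)))
```
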

     

    Change MTU SIZE on Fortigate (the value 9000 is an example)

    config system interface
    edit <interface-name>
    set vdom "root"
    set mtu-override enable
    set mtu 9000
    next
    end

     

    Perform these steps systematically to identify and resolve CRC errors in FortiGate environments.

    Check and clear counters using:

    diag netlink interface list name <interface>
    diag netlink interface clear <interface>

     

    Samples with NO error in Collision or Drops.


     

    diag hardware deviceinfo nic <interface>


    Error fields

  • Rx_Errors = rx error count: Bad frame was marked as error by PHY.
  • Rx_CRC_Errors + Rx_Length_Errors + Rx_Align_Errors: Valid in 10/100M mode.
  • Rx_CRC_Errors: Frame CRC errors can be caused by a number of factors. Typically, they are caused by either faulty cabling, or as the result of a collision.
  • Rx_Dropped: Running out of buffer space. A newer error is rx_no_buffer_count.
  • Rx_Missed_Errors: Equals Rx_FIFO_Errors + CEXTERR (Carrier Extension Error Count). Only valid in 1000M mode, which is marked by PHY.
  • Tx_Errors = Tx_Aborted_Errors: ECOL, Excessive Collisions Count. Valid in half-duplex mode.
  • Tx_Window_Errors: LATECOL, Late Collisions Count. Late collisions are collisions that occur after 64-byte time into the transmission of the packet while working in 10-100 Mb/s data rate, and 512 byte time into the transmission of the packet while working in the 1000 Mb/s data rate. This register only increments if transmits are enabled and the device is in half-duplex mode.
  • Rx_Dropped: See RX error.
  • Tx_Dropped: Not defined.
  • Collisions: Total number of collisions experienced by the transmitter. Valid in half-duplex mode.
  • Rx_Over_Errors: Not defined.
  • Rx_CRC_Errors: Frame CRC errors can be caused by a number of factors. Typically, they are caused by either faulty cabling, or as the result of a collision.
  • Rx_Frame_Errors: Same as Rx_Align_Errors. This error is only valid in 10/100M mode.
  • Rx_FIFO_Errors: Same as Rx_Missed_Errors; missed packet count.
  • Tx_Aborted_Errors: ECOL – Excessive Collisions Count. Only valid in half-duplex mode.
  • Tx_Carrier_Errors: The PHY should assert the internal carrier sense signal during every transmission. Failure to do so may indicate that the link has failed, or the PHY has an incorrect link configuration. This register only increments if transmits are enabled. This register is not valid in internal SerDes1 mode (TBI mode for the 82544GC/EI), and is only valid when the Ethernet controller is operating at full duplex.
  • Rx_Length_Errors: Transmission length error.
  • Tx_FIFO_Errors: Not defined.
  • Tx_Heartbeat_Errors: Not defined.
  • Tx_Window_Errors: LATECOL – Late Collisions Count.
  • Tx_Single_Collision_Frames: Counts the number of times that a successfully transmitted packet encountered a single collision. The value only increments if transmits are enabled and the Ethernet controller is in half-duplex mode.
  • Tx_Multiple_Collision_Frames: Multiple Collision Count, counts the number of times that a transmit encountered more than one collision but less than 16. The value only increments if transmits are enabled and the Ethernet controller is in half-duplex mode.
  • Tx_Deferred: Counts defer events. A defer event occurs when the transmitter cannot immediately send a packet due to the medium being busy either because another device is transmitting, the IPG timer has not expired, half-duplex deferral events, reception of XOFF frames, or the link is not up. This register only increments if transmits are enabled. This counter does not increment for streaming transmits that are deferred due to TX IPG.
  • Rx_Frame_Too_Longs: Rx frame over size.
  • Rx_Frame_Too_Shorts: Rx frames too short.
  • Rx_Align_Errors: This error is only valid in 10/100M mode.
  • Symbol Error Count: SYMERRS – Counts the number of symbol errors between reads. The count increases for every bad symbol received, whether or not a packet is currently being received and whether or not the link is up. This register only increments in internal SerDes mode.
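
One way to turn the field list above into a quick check (an added example, not part of the original post or of Fortinet's tooling): it compares two saved outputs of diag hardware deviceinfo nic for the same port and reports the counters that grew. The "Name :value" line shape, the function names and the sample snapshots are assumptions; adjust the regex to what your NIC driver prints.

```python
import re

# Likely causes, taken from the field descriptions on this page.
HINTS = {
    "Rx_CRC_Errors": "faulty cabling or collisions",
    "Tx_Window_Errors": "late collisions, port is running half-duplex",
    "Tx_Aborted_Errors": "excessive collisions, port is running half-duplex",
    "Rx_Dropped": "running out of receive buffer space",
    "Tx_Carrier_Errors": "link failure or incorrect PHY link configuration",
}
# Assumed line shape "Name :123"; real output differs per NIC driver.
LINE = re.compile(r"^\s*([A-Za-z]\w*)\s*[:=]\s*(\d+)\s*$")


def parse_counters(text):
    """Return {field: value} for numeric lines; everything else is skipped."""
    return {m.group(1): int(m.group(2))
            for m in map(LINE.match, text.splitlines()) if m}


def diagnose(before, after):
    """Report counters that grew between two snapshots of the same port."""
    old, new = parse_counters(before), parse_counters(after)
    grew = {}
    for name, value in new.items():
        prev = old.get(name, 0)
        delta = value - prev if value >= prev else value  # counter was cleared
        if delta > 0:
            grew[name] = delta
    findings = [f"{k} +{d}: {HINTS[k]}" for k, d in grew.items() if k in HINTS]
    if "Rx_CRC_Errors" in grew and "Tx_Window_Errors" in grew:
        findings.append("CRC errors plus late collisions: compare duplex on both ends")
    elif "Rx_CRC_Errors" in grew:
        findings.append("CRC errors only: check cable/SFP, then duplex on the peer")
    return findings


# Constructed sample snapshots (not captured from a real FortiGate).
BEFORE = "Rx_CRC_Errors    :12\nTx_Window_Errors :0\nRx_Dropped       :3\n"
AFTER = ("Duplex           :half\nRx_CRC_Errors    :57\n"
         "Tx_Window_Errors :9\nRx_Dropped       :3\n")

if __name__ == "__main__":
    print("\n".join(diagnose(BEFORE, AFTER)))
```
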

     

    Links we used:

    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-interface-error-counters/ta-p/190190

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-CRC-Errors-troubleshooting/ta-p/265309

