?
Solved

TCP connection dropped -- 'Establish TCP Abnormally'

Posted on 2005-05-13
6
Medium Priority
?
1,100 Views
Last Modified: 2013-11-29
Hi - this is my first question on EE
I am hosting a Citrix MF server behind a Netgear FVS318.  Clients connect from multiple locations around the country.  One location has recently (last three weeks) begun losing connections periodically throughout the day, i.e. all users connected get dropped at the same time.  They are not able to reconnect for 3-5 minutes (they receive a 'No Citrix Server configured at this address' message) when this happens but they still have internet access and can ping my IP address.  After the interval they are able to reconnect and work normally until it happens again.

The firewall log reports:
Fri, 05/13/2005 04:14:55 - TCP connection dropped - Source:XXX.XXX.XXX.XXX, 1731, WAN - Destination:YYY.YYY.YYY.YYY, 1494, LAN - 'Establish TCP Abnormally'

During these occurances, other remote users are unaffected as are local users also behind the firewall.

The location suffering the problem is using a T1 connection.  Their LAN connects to the T1 via an inexpensive Barricade router.

I suspect the problem is either with their router or possibly the ISP, XO Communications, who supplies both my T1 connection and theirs.  There have been no hardware/software changes at my location and all other remote locations are not experiencing any problems.

I guess my question is what type of problem generates the log message 'Establish TCP Abnormally'?  Where should I concentrate my troubleshooting efforts?

Thanks,
OM Gang
0
Comment
Question by:omgang
  • 3
  • 2
6 Comments
 
LVL 3

Accepted Solution

by:
xrok earned 375 total points
ID: 14001545
First thing I would check is, client side PC for Virus/Adware/Trojan.
0
 
LVL 12

Assisted Solution

by:srikrishnak
srikrishnak earned 375 total points
ID: 14005741
This one is mainly due to the State checking of the firewall...Its not a firewall issue but mainly due to the routing or state table synchronization ( for checkpoint or any other firewall working in HA mode with load sharing)..i will check weather you have any asynchronous routes (could be at your ISP as well)..
0
 
LVL 28

Author Comment

by:omgang
ID: 14011445
I'll request all client machines at the problem location be checked for spyware/adware.

srikshnak, I'm not an expert on firewalls and am not sure I fully understand your reply.  Until three weeks ago communication between the remote office and my office had been trouble-free for over 12 months.  No changes, either hardware or software, have been made to the remote router or my router.  I will contact the ISP and open a trouble-ticket pending the results of the check for spyware/adware.

Thanks for your replies.
OM Gang
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 28

Author Comment

by:omgang
ID: 14038353
I haven't forgot about you guys.  The remote location is checking all PCs for virus/spware/adware.  Problem still persists but seems to have slowed down, i.e. only a few instances each day of the TCP connection dropped due to 'Establish TCP Abnormally'.  My next step is to have them swap out their router with a different unit to see if the problem goes away.

OM Gang
0
 
LVL 28

Author Comment

by:omgang
ID: 14041409
Thanks to both of you for your replies.  It seems the cleaning of the PCs has made the problem go away.  I am still going to keep my eye on my firewall logs and take a hard look at the remote router if the problem come's up again.  My original question was for troubleshooting advice and I got it.  Thanks.
OM Gang
0
 
LVL 12

Expert Comment

by:srikrishnak
ID: 14042879
Problem solved..thats all which matters..:)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question