RDP disconnects

Posted on 2009-12-28
Last Modified: 2013-12-14
All,
I have 5 remote offices that are on DSL and connect to our main office via VPN.  Everyone uses Remote Desktop Connection to access our terminal servers at the main office.  The DSL lines were installed 6 months ago.  About 3 months ago 2 of our offices started having issues with RDP.  When they initiate a connection, RDP will time out.  If they are already connected, they will get a red X with an error stating that they lost connection and it retries to connect.  Eventually, they will re-connect (about 5 minutes or so) or in the other case, they'll finally connect also.

There is no pattern to this issue.  Some workstations connect fine while the one next to them can't connect and vice versa.  Some users get time-out errors after a connection while others can keep working.  This is only happening to two remote sites.  All sites have the same router (Cisco 871) with the same configs, the same DSL modem (Actiontec M1000) with the same configs, etc.  We have 8 terminal servers and the issue happens no matter which TS they connect to.  ALL other locations have no issues at all, so we feel it is proprietary to the remote location and not the TS, etc. at the main office.  We have had Qwest look at the network with no issues.  Also, when the connection issue starts, we ping the TS in question from the local pc with good response times, and we do a DSL speed test (HTML) with good response times.  We do not feel it is a network issue.  We have sniffed the network with nothing abnormal.  The list goes on as to what we have tried and the issue seems to be with RDP.  We have tweaked all registry settings on both the workstations and the terminal servers regarding timeouts, re-tries, and MTU settings.  Does anyone have any other ideas that we can try?  

Thank you,

Frank
Question by:Rocky_Mountain_Admin
10 Comments
 
LVL 5

Accepted Solution

by:
tiago_aviz earned 1000 total points
ID: 26134020
Hey there!

1- Well, first, what do the event logs on the terminal servers tell you? Are there any events registered when anyone's connection drops or simply does not work? Check for events from source TermDD.

2- If there's nothing about disconnects, are there enough licenses for everyone? Are all your TS servers not registering licensing errors in the system log?

3- If licenses are OK, can you ping your terminal servers from the troubled remote offices no matter how big the MTU is? Try pinging it with "ping wbtserver -f -l 1400" to check that. Some DSL routers do not correctly adjust path MTU. Don't know if that's your case.

4- What firewall are you running in front of your TS server? Are its logs confirming that the traffic is being allowed? Any IDS/IPS in place that could be causing these issues?

5- What changes took place 3 months ago?

6- Are your TS servers offloading TCP/UDP checksums? Check that out in the servers' NIC properties and disable it; I've seen the very same issue you're facing on a customer of mine.

0
 

Author Comment

by:Rocky_Mountain_Admin
ID: 26135007
Tiago,
Thank you for the quick reply.  

1 - There are no errors in the logs regarding TermDD or any other events for RDP, TS, Network, Etc.

2 - There are no errors regarding licenses in the error logs, and no one is getting a popup window with a message stating the same.

3 - MTU settings are ok.  These are adjusted by Cisco router.

4 - We use Cisco routers with ACLs but also have AVG installed (Network Edition).  We replaced TrendMicro with AVG because we had network issues directly related to Trend.  This has sparked a few ideas with us, so we are disabling a few AVG installs and I'll let you know the results. See #5 below.

5 - We replaced TrendMicro with AVG.  See #4 for steps we are taking for troubleshooting.

6 - Offload TCP/UDP Checksums are enabled on the NICs.  We would like to see what happens with the AVG tests we are doing before making the NIC changes.

I will keep everyone posted as to the outcome.

Thank you for the suggestions.
0
 
LVL 5

Expert Comment

by:tiago_aviz
ID: 26135473
Sounds great! I've had a lot of issues with Trend in the past. Let me know what happens!
0
 
LVL 2

Expert Comment

by:etosan
ID: 26144371
Antivirus software tends to cause a lot of problems. I personally dislike AVG; I know it from my DOS times circa 10 years ago, and even back then it had its quirks.  I have not seen recent versions, but does it use the Winsock "Network provider" API to monitor traffic? The NOD32 2.7 family does use that. Disable the network monitor if it has such a facility, reset the Winsock stack and see what happens. You can verify installed network providers with the Autoruns software from Sysinternals.
0
 

Author Comment

by:Rocky_Mountain_Admin
ID: 26191414
Well, we still have the issue.  I thought I'd update what's happening.
1. We disabled AVG on all TS, Servers and workstations.  This had no effect.
2. We created a new TS and changed the RDP port to 8895.  We had the users at both locations that have issues connect to this new TS.  Same issue.
3. We now have a TAC open with Cisco.  They say the config files on the routers (871) are good.  They had us start Wireshark on a workstation at the remote location and at the same time start Wireshark on a TS.  Then we had the workstation connect to the TS.  Eventually we lost connection/dropped from RDP a few times and we closed both .pcap files from Wireshark.  Cisco is now analyzing the capture files packet by packet with timestamps to see the conversations and what is exactly happening.

Frank
0
 

Author Closing Comment

by:Rocky_Mountain_Admin
ID: 31670526
Tiago,
We finally figured out what the issue was and how to fix it.  The issue is known as a Black Hole Router and is somewhere in the route between our remote location and us.

We ran two copies of Wireshark.  One on a remote workstation and one on the terminal server where the workstation connected.  When a few disconnects occurred, we stopped both captures and compared the two via timestamps.  Eventually we opened a TAC with Cisco and they discovered the Black Hole Router.  More information on this anomaly can be found here: http://support.microsoft.com/kb/314825

I'm awarding the points to you as you had some good ideas to try, one which is directly used to identify Black Hole Routers (Step 3).

Thank you again for your ideas!

Frank
0
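The DF-bit ping from step 3 of the accepted answer can be turned into a check for the black-hole signature named in this closing comment: small packets are answered, while large ones vanish without the "Packet needs to be fragmented but DF set" error. This is an added example, not part of the original thread; the function names, the 548..1472 payload search range and the simulated path are assumptions made for illustration.

```python
import re
import subprocess

OK, NEEDS_FRAG, SILENT = "reply", "needs-frag", "silent"
IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header

def classify(ping_output):
    """Classify the text printed by Windows `ping -f -l <size> <host>`."""
    if "needs to be fragmented" in ping_output:
        return NEEDS_FRAG  # an ICMP error came back: path MTU discovery can work
    if re.search(r"Reply from \S+ bytes=\d+", ping_output):
        return OK
    return SILENT  # dropped with no ICMP error (shows as "Request timed out.")

def windows_probe(host):
    """Return probe(size) that sends one DF-bit echo using Windows ping flags."""
    def probe(size):
        cmd = ["ping", "-n", "1", "-f", "-l", str(size), host]
        return classify(subprocess.run(cmd, capture_output=True, text=True).stdout)
    return probe

def diagnose(probe, lo=548, hi=1472):
    """Binary-search the largest DF payload answered; report how larger ones fail."""
    if probe(lo) != OK:
        return {"max_payload": None, "path_mtu": None, "verdict": "unreachable"}
    failure = None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        result = probe(mid)
        if result == OK:
            lo = mid
        else:
            hi, failure = mid - 1, result  # remember how the smallest failure failed
    verdict = {None: "no limit found", NEEDS_FRAG: "PMTUD working",
               SILENT: "black hole suspected"}[failure]
    return {"max_payload": lo, "path_mtu": lo + IP_ICMP_HEADERS, "verdict": verdict}

# Constructed sample: a path that silently drops DF packets larger than 1400 bytes.
def simulated_black_hole(size):
    return OK if size + IP_ICMP_HEADERS <= 1400 else SILENT

if __name__ == "__main__":
    print(diagnose(simulated_black_hole))
    # On a Windows workstation at the affected site:
    # print(diagnose(windows_probe("wbtserver")))
```

A single lost echo also counts as silent, so on a lossy link repeat the run before trusting a "black hole suspected" verdict.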
 
LVL 5

Expert Comment

by:tiago_aviz
ID: 26305119
Hi there Frank!

I'm really happy things turned out OK for you! Glad I could help :)

Cheers!
0
 

Author Comment

by:Rocky_Mountain_Admin
ID: 26305379
Tiago (and anyone else that this may help),
I'm so glad this is over!  I did want to clarify a few things as we learned more about this issue.  This IS a black hole router issue, but this is a MICROSOFT term and not Cisco.  Cisco has terminology regarding black hole routers and it is used to analyze DoS attacks on a network.  The issue we had was actually our own Server (MS Server 2005) causing the issue.  We're not sure which actual server,  because we made registry settings to all of them.  But, from what we can gather, this is sort of a bug in the MS OS and the fix is the KB I posted earlier (the link above).  I'm sorry I can't be more clear.  Again, I'm just glad the 3 month issue has been resolved!  Thanks again!

Frank
0
 

Expert Comment

by:jmgallo
ID: 29119399
I'm having the same problem. I do not see the KB in the link above for the Registry Setting. Can you repost the link? Also, in the last post you typed (MS Server 2005); do you mean 2003?

Thank You
0
 

Author Comment

by:Rocky_Mountain_Admin
ID: 29130903
jmgallo,
The link is in the very first box on this page.  I've re-posted it here to make it easier.
http://support.microsoft.com/kb/314825
Also, you were correct.  The server is MS Server 2003 NOT Server 2005.  It was a typo.  Good luck and I hope it works out for you.

Frank

