• Status: Solved
  • Priority: Medium
  • Security: Public

Remote application times out after 5 minutes, and RDP remains active

I have 4 terminal servers, all Windows 2003 R2, that run an application for our remote stores. All stores have Windows XP Pro SP3 and are all members of the domain, etc. I have a GPO where the settings are as follows:
- Set time limit for disconnected sessions  1 Min
- Set time limit for active but idle sessions  1 Hour
- Terminate session when time limits are reached  Enabled
When a computer connects via RDP to the terminal server, it runs an application.  After 5 minutes, the application or terminal session logs the user out of the application and the RDP remains active, but connects the user to another terminal server?  Thus closes/logs out the user of the application.  With 4 terminal servers, Round Robin is in use for load balancing and balances all connections very well.  Most stores have a SonicWall TZ 170 or TZ 180, some with enhanced OS with a VPN connection to a SonicWall 3060, enhanced OS.  The settings are all identical to each other.
Additional information: I have tested with notepad.exe as well, with the same result. Each store has its own OU with its users. Each user launches the same program as defined in the user's properties.
Please ask for screen shots, etc. if you find this necessary.  
Asked by: bestfriends

bestfriends (Author) Commented:
Additional information:
I have tried to have the user/pc log onto one server via static IP, instead of DNS.  This resulted in the same outcome.
0
 
Cláudio Rodrigues Commented:
I still do not understand where the problem is and how this is happening. Your post is not very clear and I find it confusing.
Could you post it step by step, like this?
1. Users at remote location connect to TS using the DNS name.
2. They get a session in one of the TSs.
3. They launch the application A we use.
4. After 5 minutes....

Thanks,

Cláudio Rodrigues
Citrix CTP
0
 
bestfriends (Author) Commented:
1. Remote user connects to TS using DNS (i.e. kms.best.net)
2. Once connected, a program launches automatically (defined in the user's profile)
3. User logs in to that program and everything is fine, until idle activity.
If inactive for 5 minutes, the session logs the user out of the program and logs on to another TS server. The program restarts and asks the user for credentials, username and password. RDP remains active, but the program switches to another TS server.
0
 
Cláudio Rodrigues Commented:
Ok so there is something wrong here. First of all a session that is disconnected cannot 'magically' appear on another TS. TS does not have a mechanism to transfer disconnected sessions from one TS to another TS.
So what is really happening is this:
1. Remote user connects to TS using DNS.
2. As you are using DNS Round Robin, it will send the user to one TS, let's say TS1.
3. User works for 5 minutes and then does nothing, getting idle. His session is disconnected on TS1 (may be still active if you look at TSADMIN on the TS he was on, TS1).
4. He immediately tries to get back but as you are using DNS Round Robin he goes now to TS2 and a new session is created on it and of course the application now launches again.

The first issue is the 5 minutes disconnection. The problem may be on the firewall or on the user end (router, modem, etc). Certain devices (firewall/routers/modems) will drop a connection if it is idle for a certain amount of time. That is probably the reason why your 1 hour timeout is not being respected.

The second issue is the fact the user does not get his first session back. The problem here is simple: DNS Round Robin. DNS Round Robin is the cheapest (free) load balancing mechanism you can use to load balance TSs but as you can see, it is completely dumb. It does NOT know there is another session from the same user already on another TS. Smarter Load Balancing solutions not only know that but also know what kind of load any TS is under. Based on that it will send a user to the best performing TS or the one that already has a session for that user, effectively reconnecting the user. These are called 'Resource Based Load Balancers' and can be either software or a hardware implementation.
I wrote several articles and presentations about this subject and you can read more here:
http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part1.html
http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part2.html

In your case you could use NLB (free, part of 2003) with Session Directory, to fix that. Is this the best option? Nope but beats DNS Round Robin hands down.
Ideally you would be using a true load balancer like the 2X LoadBalancer (software) or a hardware based solution like Kemp Technologies, Coyote Point and so on.

Cláudio Rodrigues
Citrix CTP
0
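
The reconnect behaviour described in the answer above, as an added example that is not part of the original post: a toy Python model comparing stateless DNS round robin with a session-aware broker, using the question's 5-minute drop and 1-minute disconnected-session limit. The server names, the user name `store01` and the `Farm` class are constructed for illustration and are not Terminal Services or NLB code.

```python
from itertools import cycle

SERVERS = ["TS1", "TS2", "TS3", "TS4"]   # constructed names for the 4 terminal servers
DISCONNECTED_LIMIT_S = 60                # GPO: time limit for disconnected sessions = 1 min


class Farm:
    """Toy model of a terminal server farm (assumption: one session per user)."""

    def __init__(self, use_session_directory):
        self.use_session_directory = use_session_directory
        self._rr = cycle(SERVERS)        # DNS round robin: next address, no session state
        self.sessions = {}               # user -> (server, disconnected_at or None)

    def _expire(self, now):
        # "Terminate session when time limits are reached": end stale disconnected sessions
        for user, (server, disc_at) in list(self.sessions.items()):
            if disc_at is not None and now - disc_at >= DISCONNECTED_LIMIT_S:
                del self.sessions[user]

    def connect(self, user, now):
        """Return (server, resumed) for a new RDP connection at time `now` in seconds."""
        self._expire(now)
        target = next(self._rr)          # where round robin alone sends the client
        existing = self.sessions.get(user)
        if self.use_session_directory and existing:
            server = existing[0]         # redirect to the server holding the session
            self.sessions[user] = (server, None)
            return server, True
        # No directory, or no surviving session: new session, the application restarts
        self.sessions[user] = (target, None)
        return target, False

    def drop(self, user, now):
        """The network path drops the idle connection; the session becomes disconnected."""
        server, _ = self.sessions[user]
        self.sessions[user] = (server, now)


def scenario(use_session_directory, reconnect_delay_s):
    # Connect, get dropped after 5 idle minutes, then reconnect after the given delay
    farm = Farm(use_session_directory)
    first, _ = farm.connect("store01", now=0)
    farm.drop("store01", now=300)
    second, resumed = farm.connect("store01", now=300 + reconnect_delay_s)
    return first, second, resumed
```

In this model, a session-aware broker only returns the user to the original session if the client reconnects within the 60-second disconnected-session limit from the GPO; after that the session has been terminated and the application starts fresh on either setup.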
 
bestfriends (Author) Commented:
I sensed that there was an issue with DNS Round Robin. The RDP connection stays on, then the application closes and opens on a different TS server. I monitored the PC with connection, as well as the TS Manager and could see this happening. I will read through your articles (I visit these sites quite often, but must have missed something). Because our stores are very active throughout the day, I will conduct some tests, based on your recommendations and return with an answer as soon as I can. Thank you very much for your assistance, it's greatly appreciated.
0
 
bestfriends (Author) Commented:
Could I enable/configure NLB while RRDNS is still running for testing purposes?  
0
 
Cláudio Rodrigues Commented:
Yes, you can have NLB up with RRDNS.

Cláudio Rodrigues
Citrix CTP
0
 
jlwcci Commented:
You can check the firewall rule that is allowing the traffic for the application; the rules usually have a timeout value of 5 or 15 min. That might help the disconnecting issue and then the DNS round-robin won't be such an issue.
0
 
bestfriends (Author) Commented:
I do not believe that I have an issue with our firewalls. All of our stores have SonicWall TZ170 and some with TZ180. The firewall behind our TS servers is a SonicWall 3060. The reason I do not think it's a firewall issue is that some stores can have an idle activity running for 60 minutes as defined in the GPO. This I think is related to the RRDNS.
I have compared each SonicWall's settings for the stores that are OK with the stores that are not, even replaced a SonicWall.
I'm currently working on the solution that Cláudio Rodrigues recommended with NLB. Cláudio Rodrigues also has great articles that were linked earlier. In addition, I located this link:
http://www.west-wind.com/presentations/loadbalancing/NetworkLoadBalancingWindows2003.asp
Therefore, I will focus on the NLB approach for the time being. Once I have tested this, I will follow up with a post. Thanks for your feedback.

0
 
bestfriends (Author) Commented:
Thanks for your feedback.
0
