Link to home
Start Free TrialLog in
Avatar of kucelkj
kucelkjFlag for United States of America

asked on

Terminal Services client (RDP) will drop after inactivity

My client has a 7 location hub-n-spoke VPN setup.  All sites get sessions from the terminal server at the main site.  Several of the users from all sites will be RDP'd into the server for the entire day with inactivity up to 2 hours and never get kicked off,  while other sites get kicked off after 20 minutes of inactivity.  

The server is a Windows Server 2000 with SP4 installed.  The VPNs are setup with SonicWALL equipment.  

I've been trying to figure this out with little progress so now I'm reaching out to the community.

Thanks,

-Ken
Avatar of adnanj76
adnanj76

Well if rest of the sites are working without timeout then configuration at your end looks fine, you should consider checking router or firewall settings at the client end . If it's a pppoe connection may be it's set with some idle network timeout settings.
Avatar of arnold
A connection drop as others pointed out is a VPN configuration issue.
Check the logs on the sonicwalls that connect the spoke to the HUB where this 20 minute kicks in. As well as configuration dealing with IDLE timeout for the VPN connection.
Avatar of kucelkj

ASKER

I'm running a test right now from one server in the hub location to the suspect server in the same location and see if we get any timeout or connection drop issues.  This would eliminate the VPN tunnel all together.  I'm going to run the test for an hour or two and see what happens.

Thanks for your input,

-Ken
you could also check the usual stuff.


- MTU of the WAN interface.  https://www.experts-exchange.com/viewArticle.jsp?articleID=3110
- speed/duplex of the WAN interface.  by default it's set to Auto.  it may need a static combination.

i'm in favor of the other end having an issue, but would like to see log information as well from the sonicwall.
Avatar of kucelkj

ASKER

Well, here's the deal.  I changed the MTU on all SonicWALL routers to 1404.  That was an earlier recommendation by a SonicWALL tech support person a few years ago.  That didn't seem to help very much.

I've VNC'd into the two problematic computers where I can reliably reproduce the Terminal Services (TS) disconnect and have been performing tests.

What I've found is that after 15 minutes of inactivity, the sessions disconnect.  Now, both of these computers are a member of the windows domain just like at the main office.  

I'm not sure if it is a Group Policy that could be causing the problem or something else.

Any suggestions?

-Ken
SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of kucelkj

ASKER

They do get an error message.  I'm going through the steps necessary to reproduce the error message so I can forward it on to you.

As for the same groups, the two users that get disconnected are members of the exact same groups.  When I'm logged in as administrator, I too get disconnected after 15 minutes.  The only common group between all 3 users are membership into the "Domain Users" group.
Avatar of kucelkj

ASKER

Here's the error message...
2011-01-03-Error-Message.docx
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
regarding http:#a34467781, i see this error when my connection is dropped.  either a vpn is disconnected or i lose network connectivity.
Avatar of kucelkj

ASKER

Digitap,

I'm checking my SA's for each tunnel for those settings.  I'll let you know what I find.  

Regarding the tunnel dropping, it doesn't appear to drop.  I have a constant ping going on and it doesn't miss a single ping.
Avatar of kucelkj

ASKER

Digitap,

I changed the TZ210 side as you suggested but the remote side is a TZ170 using STD OS.  So I didn't make any changes.  I"ll test that now and see what happens.
the standard OS is limited on this configuration.  there is the general TCP timeout under the advanced settings for the firewall, but nothing for each individual firewall rule.  i think there's only UDP...could be mistaken there.

based on the ping, sure seems like the vpn is staying up.  will wait for your results.
Avatar of kucelkj

ASKER

Digitap,

Problem solved.  You are the man!!!!!!!

Thanks for all the great suggestions.

Thanks to the entire group for their great suggestions.

-Ken
Avatar of kucelkj

ASKER

Thanks for all the help...I truly appreciate everyone's comments!
good to hear.  thanks for the points!