Improve company productivity with a Business Account.Sign Up


Baffled by Dropped RDP connections over Sonicwall VPN

Posted on 2012-03-12
Medium Priority
Last Modified: 2012-03-29
Baffled by Dropped RDP connections over Sonicwall VPN
I am in desperate need of help with an ongoing network issue and would greatly appreciate anyone who can help.
We have a main office and two branch offices connected via VPN. The main office has a Sonicwall TZ210 connected via DSL on X1 and Bonded T1(3 Mbs) on X2, each branch office has a Sonicwall TZ 180 connected via DSL on the WAN port and T1(1.5Mbs) on OPT port. The VPN policy is bound to the T1’s and Http/s traffic is routed to the DSL’s. It has been configured and working well for about 2 years. Several months ago, RDP connections from the branch offices to the terminal server in our main office began dropping and in recent weeks have become very bad.
1)      Every few minutes at irregular intervals clients at remote offices lose their TS connection. When it drops it stays down for seconds to minutes at a time. Some days we will go hours with no drops other days it drops every 3-5 minutes.
2)      When the remote TS clients get disconnected, they all get disconnected at the same time.
3)      During the disconnect, I cannot ping the TS from the remote offices over the VPN, However I can ping the TS from the local network in the main office.
4)      During the disconnects, I can ping other servers at the main office from the remote offices over the vpn.
5)      RDP connections to the terminal server from the local network do not get disconnected.
From my desktop ( in our main office, I can RDP into the file sever in our El Paso office (, While connected I RDP back into our TS ( After a few minutes, I see the El Paso file server loose it’s RDP connection to our TS but I never loose my connection to El Paso.
What I have tried.
1)      Contacted all ISP and verified connections are working properly. There were some connectivity issues with two of our offices. The ISP’s tell me those have been resolved though I am not 100% convinced.
2)      Reduced MTU size on all wan interfaces on all sonicwalls to 1436 from 1500. This is the largest I can send over the vpn before fragmentation.
3)      Changed the TCP Connection Inactivity Timeout from 15 minutes to 60 Minutes for all LAN->VPN and VPN->Lan Access rules on all the sonicwalls.
4)      Changed “Firewall > Advanced Rule Options - Default UDP Connection Timeout from 30 to 61 Seconds (suggested on another site – no noticeable difference)
5)      “Allow Fragmented Packets” is turned on in all the access rules.
6)      “Fragment non-VPN outbound packets larger than this Interface's MTU” and “Ignore Don't Fragment (DF) Bit” is On for all WAN and OPT interfaces on all Sonic walls
7)      Upgraded the Firmware on the TZ210 to the latest
8)      Attempted to Update firmware on TZ180’s but the firmware fails to upload. I’ll be making another post about that issue
9)      Ran Symantec and Malware bytes scan on TS (clean)
10)      Verify the VPN traffic is going over the T1 and not the DSL
11)      Verified all TS clients are connecting via the correct local IP (
What I plan to try next.
1)      Currently there is a cisco switch between the TZ210 and the TS. I will try connecting the TS directly to the SW TZ210 in case there is some issue with the switch
2)      I will attempt to resolve the issue with updating the Firmware on the TZ180’s
3)      Make sure my office door stays locked and a can of mace is handy.
4)      Wait patiently for the advice of those wiser than me ¿

There are only 4-5 users at each remote office – 9 Total.

TS – win 2003 R2 64Bit SP2,  Quad Core Xeon at 2.83 Ghz, 12 GIG of ram. It has all MS updates applied. It is not being over taxed.
TZ180’s       Firmware Version: SonicOS Enhanced
              ROM Version: SonicROM

TZ210            Firmware Version: SonicOS Enhanced
Safemode Version: SafeMode
ROM Version: SonicROM

Question by:DCJ-TX
  • 6
  • 2

Expert Comment

ID: 37713474

Just an idea: did you check your WAN "Failover & Loadbalancing" Options? Since you have two WANs @ each location, you probably have enabled Load-Balancing?

If yes, did you read anything in your logs about failing one link over to another?

If yes, change the settings for the probe intervals!
(We realized, that SonicWALL changed the default in their newest firmware from 5/3/3 to 5/6/3 - where 5 is the check-interval in seconds, 6 is the amount of unsuccesful checks before failing over and 3 is the amount of successful checks before failing back to the primary WAN).

Good luck!

Author Comment

ID: 37713505
Thanks hofpad, but load balancing is not enabled. ALSO, We do not loose the VPN. Just the RDP connection.
LVL 15

Expert Comment

ID: 37715244
I had the same problem with a client.  Turned out the Sonicwall was just bad, theirs was about 5 years old.  When we replaced it with a newer model it worked. If you can temporarily swap out the firewall I would see if it resolves your issues.
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.


Author Comment

ID: 37725517
We have a 40X10 MBps fiber optic line being installed as I speak and I have a TZ215 arriving tommorow. We'll see which if either resolves the problem.

Author Comment

ID: 37730018
Installed Fiber and still having the issue. I think it may be winsock corruption on the windows 2003 trerminal server.

I stumbled upon this (see below)

Some of the 10 entries were missing. I only had the first for. I ran the MS fixit and rebooted. Checked and all 10 entries were there. I had no dropps for about 1 1/2 hours. Then they started up again. I checked again and now there are only 4 entries again.

So i am thinking something is corrupting the winsock - But what?

"Method 2: Use the Msinfo32 program
Note Use this method only if you do not have a Windows XP Setup CD and you do not have Support Tools installed. 1.Click Start, click Run, type Msinfo32, and then click OK.
2.Expand Components, expand Network, and then click Protocol.
3.You will have ten sections under Protocol. The section headings will include the following names if the Winsock2 key is undamaged: ¿MSAFD Tcpip [TCP/IP]
 ¿MSAFD Tcpip [UDP/IP]
¿RSVP UDP Service Provider
¿RSVP TCP Service Provider
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
¿MSAFD NetBIOS [\Device\NetBT_Tcpip...
If the names are anything different from those in this list, the Winsock2 key is corrupted, or you have a third-party add-on, such as proxy software, installed.
If you have a third-party add-on installed, the name of the add-on will replace the letters "MSAFD" in the list.

If there are more than ten sections in the list, you have third-party additions installed.

If there are fewer than ten sections, there is information missing. "

Author Comment

ID: 37731241
I discovered that while the connection is down, if I repair the "local area connection" on the terminal server. The connection comes back up. So i went looking to see exactly what a " repair does" the first thing it does is flushes the arp cache. So I opened a cammand prompt and any time the connection drops I can run:

netsh interface ip delete arpcache

and the connection will imeadiatly come back up. So I know the issues has something to do with the ARP cache but I have no idea where to go from here. Ideas?

Expert Comment

ID: 37734965
Before you do the arp-flush the next time, try to look at the arp-table (on the terminal server) and find out, if the default-gateway (should be the SonicWALL) is still correct - or if another network item with "bad behaviour" has "taken over" the default-gateway ip?

Accepted Solution

DCJ-TX earned 0 total points
ID: 37760994
I am not sure which fixed it but I followed this artical and I made a static arp entry for the terminal server in my firewall. One of the two resolved the problem.

Thanks for all the help.

Author Closing Comment

ID: 37780899
This is what worked.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Have a Cisco router that you forgot the password or maybe you bought a used router that is locked with a password? This article will guide you through the steps on how to recover the password on your Cisco gear.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question