Solved

Baffled by Dropped RDP connections over Sonicwall VPN

Posted on 2012-03-12
Last Modified: 2012-03-29
I am in desperate need of help with an ongoing network issue and would greatly appreciate anyone who can help.
We have a main office and two branch offices connected via VPN. The main office has a SonicWALL TZ210 connected via DSL on X1 and bonded T1 (3 Mbps) on X2; each branch office has a SonicWALL TZ180 connected via DSL on the WAN port and T1 (1.5 Mbps) on the OPT port. The VPN policy is bound to the T1s and HTTP/S traffic is routed to the DSLs. It has been configured and working well for about 2 years. Several months ago, RDP connections from the branch offices to the terminal server in our main office began dropping and in recent weeks have become very bad.
Symptoms
1) Every few minutes at irregular intervals clients at remote offices lose their TS connection. When it drops it stays down for seconds to minutes at a time. Some days we will go hours with no drops; other days it drops every 3-5 minutes.
2) When the remote TS clients get disconnected, they all get disconnected at the same time.
3) During the disconnect, I cannot ping the TS from the remote offices over the VPN; however, I can ping the TS from the local network in the main office.
4) During the disconnects, I can ping other servers at the main office from the remote offices over the VPN.
5) RDP connections to the terminal server from the local network do not get disconnected.
From my desktop (192.168.1.100) in our main office, I can RDP into the file server in our El Paso office (192.168.4.10). While connected, I RDP back into our TS (192.168.1.6). After a few minutes, I see the El Paso file server lose its RDP connection to our TS, but I never lose my connection to El Paso.
What I have tried.
1) Contacted all ISPs and verified connections are working properly. There were some connectivity issues with two of our offices. The ISPs tell me those have been resolved, though I am not 100% convinced.
2) Reduced MTU size on all WAN interfaces on all SonicWALLs to 1436 from 1500. This is the largest I can send over the VPN before fragmentation.
3) Changed the TCP Connection Inactivity Timeout from 15 minutes to 60 minutes for all LAN->VPN and VPN->LAN access rules on all the SonicWALLs.
4) Changed "Firewall > Advanced Rule Options - Default UDP Connection Timeout" from 30 to 61 seconds (suggested on another site; no noticeable difference).
5) "Allow Fragmented Packets" is turned on in all the access rules.
6) "Fragment non-VPN outbound packets larger than this Interface's MTU" and "Ignore Don't Fragment (DF) Bit" are on for all WAN and OPT interfaces on all SonicWALLs.
7) Upgraded the firmware on the TZ210 to the latest.
8) Attempted to update firmware on the TZ180s, but the firmware fails to upload. I'll be making another post about that issue.
9) Ran Symantec and Malwarebytes scans on the TS (clean).
10) Verified the VPN traffic is going over the T1 and not the DSL.
11) Verified all TS clients are connecting via the correct local IP (192.168.1.6).
What I plan to try next.
1) Currently there is a Cisco switch between the TZ210 and the TS. I will try connecting the TS directly to the SonicWALL TZ210 in case there is some issue with the switch.
2) I will attempt to resolve the issue with updating the firmware on the TZ180s.
3) Make sure my office door stays locked and a can of mace is handy.
4) Wait patiently for the advice of those wiser than me.

There are only 4-5 users at each remote office – 9 Total.

TS – Windows 2003 R2 64-bit SP2, Quad Core Xeon at 2.83 GHz, 12 GB of RAM. It has all MS updates applied. It is not being overtaxed.
TZ180s – Firmware Version: SonicOS Enhanced 4.0.3.4-12e
         ROM Version: SonicROM 4.0.1.1

TZ210 – Firmware Version: SonicOS Enhanced 5.8.1.5-46o
        Safemode Version: SafeMode 5.0.1.13
        ROM Version: SonicROM 5.0.2.11

THANK YOU!!!
Question by: DCJ-TX

9 Comments

Expert Comment by: Hofpad (LVL 3), ID: 37713474
Hi

Just an idea: did you check your WAN "Failover & Load Balancing" options? Since you have two WANs at each location, you probably have enabled load balancing?

If yes, did you read anything in your logs about failing one link over to another?

If yes, change the settings for the probe intervals!
(We realized that SonicWALL changed the default in their newest firmware from 5/3/3 to 5/6/3, where 5 is the check interval in seconds, 6 is the number of unsuccessful checks before failing over and 3 is the number of successful checks before failing back to the primary WAN.)

Good luck!
Author Comment by: DCJ-TX, ID: 37713505
Thanks Hofpad, but load balancing is not enabled. Also, we do not lose the VPN, just the RDP connection.
Expert Comment by: markdmac (LVL 15), ID: 37715244
I had the same problem with a client. Turned out the SonicWALL was just bad; theirs was about 5 years old. When we replaced it with a newer model it worked. If you can temporarily swap out the firewall, I would see if it resolves your issues.
Author Comment by: DCJ-TX, ID: 37725517
We have a 40x10 Mbps fiber optic line being installed as I speak and I have a TZ215 arriving tomorrow. We'll see which, if either, resolves the problem.
Author Comment by: DCJ-TX, ID: 37730018
Installed fiber and still having the issue. I think it may be Winsock corruption on the Windows 2003 terminal server.

I stumbled upon this http://support.microsoft.com/kb/811259 (see below)

Some of the 10 entries were missing. I only had the first four. I ran the MS Fix it and rebooted. Checked and all 10 entries were there. I had no drops for about 1 1/2 hours. Then they started up again. I checked again and now there are only 4 entries again.

So I am thinking something is corrupting the Winsock. But what?

"Method 2: Use the Msinfo32 program
Note: Use this method only if you do not have a Windows XP Setup CD and you do not have Support Tools installed.
1. Click Start, click Run, type Msinfo32, and then click OK.
2. Expand Components, expand Network, and then click Protocol.
3. You will have ten sections under Protocol. The section headings will include the following names if the Winsock2 key is undamaged:
- MSAFD Tcpip [TCP/IP]
- MSAFD Tcpip [UDP/IP]
- RSVP UDP Service Provider
- RSVP TCP Service Provider
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
- MSAFD NetBIOS [\Device\NetBT_Tcpip...
If the names are anything different from those in this list, the Winsock2 key is corrupted, or you have a third-party add-on, such as proxy software, installed.
If you have a third-party add-on installed, the name of the add-on will replace the letters "MSAFD" in the list.

If there are more than ten sections in the list, you have third-party additions installed.

If there are fewer than ten sections, there is information missing."
Author Comment by: DCJ-TX, ID: 37731241
I discovered that while the connection is down, if I repair the "Local Area Connection" on the terminal server, the connection comes back up. So I went looking to see exactly what a "repair" does; the first thing it does is flush the ARP cache. So I opened a command prompt, and any time the connection drops I can run:

    netsh interface ip delete arpcache

and the connection will immediately come back up. So I know the issue has something to do with the ARP cache, but I have no idea where to go from here. Ideas?
Expert Comment by: Hofpad (LVL 3), ID: 37734965
Before you do the ARP flush the next time, try to look at the ARP table (on the terminal server) and find out if the default gateway (should be the SonicWALL) is still correct, or if another network item with "bad behaviour" has "taken over" the default gateway IP.
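The check Hofpad describes, as an added PowerShell example that is not part of this thread: it polls the terminal server's ARP table every few seconds and logs whenever the default gateway's entry disappears or resolves to a MAC other than the firewall's, so the state at the moment RDP drops is captured before anyone flushes it. The gateway address (192.168.1.1) and the expected MAC are placeholders I assumed; the thread does not give them.

```powershell
# Added example, not from the thread: watch the terminal server's ARP table and log
# whenever the entry for the default gateway (the SonicWALL) changes, vanishes, or
# points at a MAC other than the one expected. Gateway IP and MAC are placeholders.
param(
    [string]$GatewayIp   = '192.168.1.1',        # assumed SonicWALL LAN address
    [string]$ExpectedMac = '00-00-00-00-00-00',  # replace with the firewall's real MAC
    [int]$IntervalSec    = 10,
    [string]$LogPath     = "$env:TEMP\arp-watch.log"
)

function Get-ArpEntry([string]$Ip) {
    # Parse 'arp -a'; a row looks like "  192.168.1.1   00-11-22-33-44-55   dynamic"
    $pattern = '^\s*' + [regex]::Escape($Ip) + '\s+([0-9a-fA-F-]{17})\s+(\w+)'
    foreach ($line in (& arp -a)) {
        if ($line -match $pattern) {
            return @{ Mac = $Matches[1].ToLower(); Type = $Matches[2] }
        }
    }
    return $null
}

function Write-Log([string]$Msg) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    "$stamp $Msg" | Out-File -FilePath $LogPath -Append
    Write-Host "$stamp $Msg"
}

$expected = $ExpectedMac.ToLower()
$lastMac  = ''
while ($true) {
    $entry = Get-ArpEntry $GatewayIp
    if ($entry -eq $null) {
        $mac = ''
        Write-Log "gateway $GatewayIp has no ARP entry; replies to the VPN subnets cannot leave until it resolves"
    } else {
        $mac = $entry.Mac
        if ($mac -ne $expected) {
            # Another host is answering for the gateway IP: the case Hofpad asks about
            Write-Log "ALERT gateway $GatewayIp resolves to $mac ($($entry.Type)), expected $expected"
        } elseif ($mac -ne $lastMac) {
            Write-Log "gateway $GatewayIp -> $mac ($($entry.Type))"
        }
    }
    $lastMac = $mac
    Start-Sleep -Seconds $IntervalSec
}
```

Run it on the terminal server ahead of the next drop; an ALERT or a "no ARP entry" line timestamped with the outage points at the server-side ARP table rather than the VPN. Once the firewall's MAC is confirmed stable, `arp -s <gateway-ip> <mac>` pins it on the server side, the mirror of the static entry the accepted solution added on the firewall.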
 

Accepted Solution by: DCJ-TX (earned 0 total points), ID: 37760994
I am not sure which fixed it, but I followed this article and I made a static ARP entry for the terminal server in my firewall. One of the two resolved the problem.

Thanks for all the help.

http://support.microsoft.com/kb/317518
Author Closing Comment by: DCJ-TX, ID: 37780899
This is what worked.