RDC not working using OpenVPN

I recently got myself a new notebook with Win7 with all Windows updates installed. Right from the start I was getting the following error when connecting to servers at my customer's using Remote Desktop Connection (RDC) and OpenVPN:

because of an error in data encryption, this session will end. please try connecting to the remote computer again.

I thought that something was wrong on the notebook, but over the weekend I installed all the latest updates on my desktop (where I did not have the problem) and now I have the same problem on the desktop.

I've been scratching my head on this one. The problem is that I only get the error on any server I try to connect to using OpenVPN. All of my customers have Untangle with OpenVPN except for 2. I use OpenVPN to connect to them, and with one of the other customers I use a SonicWall client. No problems with the SonicWall client and RDC.

The only time I have this problem is when it is an OpenVPN client to an Untangle box with all Microsoft updates installed. I'm running the latest OpenVPN client from openvpn.net.

Has anyone else had this problem? Any ideas?
GerhardpetAsked:
Daniel HelgenbergerCommented:
Since you seem to be able to initialize the connection, I suspect this is NLA. Try to switch it off for testing; here is the TechNet paper on NLA:
http://technet.microsoft.com/en-us/library/cc732713.aspx

And a howto to switch it off:
http://www.2x.com/blog/2013/03/news/disabling-network-level-authentication-for-remote-desktop-services-connections-2/
0
GerhardpetAuthor Commented:
You mean switch it off on the server or my desktop?
0
Daniel HelgenbergerCommented:
Both, depending on whether your server only accepts NLA. Go to RDP settings and allow 'any version' - then set up your RDP client not to use NLA.

However, I most commonly use OpenVPN and have never had issues with this, and I run all RDP sessions with NLA on. If it works with NLA off, then the trust chain in the certificates is somehow broken. OpenVPN might not be directly the cause then but some domain names or IPs.
0
GerhardpetAuthor Commented:
In my case I think it's got to be OpenVPN. I'm now connected to a server using SonicWall and 2 servers without a VPN. All 3 RDC sessions are active and working as I write this.

Then I have 5 customers with Untangle/OpenVPN and none of them work.

I get this on all of them:

because of an error in data encryption, this session will end. please try connecting to the remote computer again.
0
Daniel HelgenbergerCommented:
Even with NLA disabled?

The error message is from NLA, broken trust chain. Use TLS and you are fine for now. Then check your trust settings and if there are subnets not allowed.

Again, OpenVPN is not the cause, but something else in the settings of either the server or the client making the connection.
0
GerhardpetAuthor Commented:
Very strange. I made the connection to 3 different servers (at different customers) with no VPN. No issues. Then right after I tried 2 customer servers with OpenVPN and voilà, it worked.

Now all of them work. I have not made any changes to my desktop nor the servers.
0
Daniel HelgenbergerCommented:
Really hard to tell. IMHO OpenVPN has nothing to do with it - as a tunnel connection this should be (and is) transparent.
But since you need a tunnel network, that IP/network segment you get from OpenVPN might be the cause.
0
GerhardpetAuthor Commented:
Well, for now it fixed itself and I'll see if it happens again. I'll leave this question open for now.
0
Daniel HelgenbergerCommented:
Indeed!
0
GerhardpetAuthor Commented:
I don't get this. Back to the same problem after rebooting my computer. And it is only a problem if connecting via OpenVPN. In all cases it is OpenVPN/Untangle at both ends.

Using SonicWall for VPN there is no problem. Also I have 2 servers where I can connect directly without a VPN and it works fine too.

I wish I could once and for all find a solution to this.
0
Daniel HelgenbergerCommented:
Have a look at this thread:
Untangle / OpenVPN / RDP
http://forums.untangle.com/openvpn/30898-rdp-over-openvpn.html
Untangle says it's not them, but a bug in the Windows TCP stack:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/3e4e9d8a-cf6a-4e7a-9072-f9ecd3f17a72/because-of-an-error-in-data-encryption-i-get-disconnect-rdc

It seems the user did solve this by disabling large send offload in the NIC of the Windows machine:
To workaround this issue, set the host NIC property "IPv4 Large Send Offload" to disabled.
Alternatively, bind RDP to a non-TOE interface, or one with working TOE.

Worth testing, but not derivable in the long run for servers. The second method, bind RDP to another interface where TOE is disabled, is far better but may not be possible.
But since you do not have this with SonicWall, Untangle seems to be involved here, no matter what they say.
0
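The two settings the replies above suggest changing for testing (NLA on the RDP listener, and "IPv4 Large Send Offload" on the NIC) can be read back before and after a test. This is an added example, not code from the thread or its participants; it assumes the NIC driver stores its LSO setting under the standardized NDIS keywords `*LsoV1IPv4` / `*LsoV2IPv4` / `*LsoV2IPv6`, and the function names are hypothetical.

```powershell
# Read-only diagnostic snapshot; PowerShell 2.0 compatible (ships with Windows 7).
# Run on the machine being checked. Nothing is modified.

function Get-RdpListenerSecurity {
    # Local RDP listener settings. Group Policy can override these values.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $p = Get-ItemProperty -Path $key
    $layers = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    New-Object PSObject -Property @{
        NlaRequired        = ($p.UserAuthentication -eq 1)
        SecurityLayer      = $layers[[int]$p.SecurityLayer]
        MinEncryptionLevel = $p.MinEncryptionLevel
    }
}

function Get-NicLsoSetting {
    # Network adapter class key; each four-digit subkey is one adapter instance.
    $class = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
    # Assumption: the driver uses the standardized NDIS keywords for LSO.
    $keywords = '*LsoV1IPv4', '*LsoV2IPv4', '*LsoV2IPv6'
    Get-ChildItem -Path $class -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            foreach ($name in $keywords) {
                $raw = $p.$name
                if ($raw -eq $null) { continue }   # adapter does not expose this keyword
                New-Object PSObject -Property @{
                    Adapter = $p.DriverDesc
                    Keyword = $name
                    State   = $(if ($raw -eq '1') { 'Enabled' } else { 'Disabled' })
                }
            }
        }
}

Get-RdpListenerSecurity | Format-List
Get-NicLsoSetting | Sort-Object Adapter, Keyword |
    Format-Table Adapter, Keyword, State -AutoSize
```

If NLA was switched off for the test, `NlaRequired` shows whether it has been turned back on afterwards; the adapter table shows which interfaces, including the VPN virtual adapters, still have LSO enabled.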
GerhardpetAuthor Commented:
But since you do not have this with SonicWall, Untangle seems to be involved here, no matter what they say.

You are right, and also I can make an RDP connection without using a VPN. I will try the links.
0
Daniel HelgenbergerCommented:
Maybe another option would be to switch to IPsec at the Untangle sites?
0
GerhardpetAuthor Commented:
Ok, I'm ready to bang my head against the wall 10 times.

Here is the sequence to make it work after rebooting my Win 7 computer.

1- Connect to my customer X using Untangle OpenVPN (in my office I also have Untangle so both ends are Untangle).
2- Connect to server using RDP at customer X and I get "because of an error in data encryption, this session will end..." In other words, it does not work.
3- Now I connect to my customer Y using a SonicWall VPN client.
4- Connect to server using RDP at customer Y and it works.
5- Now I connect to server using RDP at customer X and it works too.

Bang...bang...bang

Please save me from hurting myself. This is a very frustrating problem to have.

Keep in mind that right from step 1 OpenVPN is connected the whole time to customer X.
0
GerhardpetAuthor Commented:
Ok, on top of that I get the same results on my notebook. It does not work on there either until I follow the sequence above, but on my notebook I left step 4 out.

I think the lightbulb is coming on.

Is there perhaps some kind of conflict between the OpenVPN client and the SonicWall VPN client?

Both my desktop and notebook have OpenVPN and SonicWall VPN clients installed.
0
GerhardpetAuthor Commented:
Ok, I got it. All I have to do is have the SonicWall VPN client running. It does not have to be connected to my customer's network.

Perhaps this will help someone else solve similar problems.
0
GerhardpetAuthor Commented:
Found the problem myself
0