Solved

Remote Desktop Error - "Because of a protocol error, this session will be disconnected"

Posted on 2013-11-07
52
10,837 Views
Last Modified: 2013-12-01
Remote Desktop SettingsWeird CharactersI have a Terminal Server (W2008 32bit Std. / one of Virtual Machines in a VMWare box) in one city running Industry specific application software and have a group of users in another city where they have been using Remote Desktop to connect to the Terminal Server to  run that application software for more than a year w/o a problem.

All of sudden starting a few weeks ago, ALL the users from another city (who uses remote desktop) is complaining that they are kicked off the session once or twice a day with the message "Because of a protocol error, this session will be disconnected".
I googled this message and found numerous solutions to try, so I decided to post the question because I can't possibly try/apply all of those remedies.

I am wondering if un-checking check boxes for "Visual styles" and "Persistent bipmap caching" will resolve the problem ... but then no user has changed the settings in remote desktop or know how to make these kind of changes.

So that leaves one possibility - something happened to my terminal server settings.
One  thing that I did a few weeks ago was to set up another Virtual Machine (on VMWare box) to run Norton End Point Protection Management Center. Perhaps this new virtual machine took away some of the resources from TS virtual machine?
Maybe not likely ... but I am just thinking out loud.

 In the office where we host Terminal Serve, our internet connection is cable internet with 50 mbps down /5 mbps up which is pretty good.

Can you help?
0
Comment
Question by:sglee
  • 24
  • 15
  • 8
  • +1
52 Comments
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Would it be possible to deploy a test terminal server, at your datacentre, and get a remote connection to this server, to see if the connection is terminated during the day.

This seems like a firewall, internet, connection issue.
0
 

Author Comment

by:sglee
Comment Utility
I can set one up. Since it involves a lot of work (creating OS, Configuration, installing App, User profiles ... etc), for now I would like to approach it from different angle.
Do you have strong suspicion that somehow Terminal Server is damaged or corrupted?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Very little additional work is required to test you have a good connection between your remote site, and this site.

An RDP connection to an existing Terminal Server (Administrator Access to any Server), from this remote location, will prove if there is an issue with the network.

Protocol errors are usual if the RDP connection is disrupted.
0
 
LVL 8

Expert Comment

by:piyushranusri
Comment Utility
could you please confirm me this.

users from another city (who uses remote desktop)

are these user are from different geographical region or based on the city..i am pointing to regional settings.

1. access same RDP from user profile from terminal server
2. access same RDP by your credentails from their location

keep in mind ...RDP should be same

i dont think..its internet connection, firewall issue..


please share the output
0
 

Author Comment

by:sglee
Comment Utility
@piyushranusri
"are these user are from different geographical region or based on the city..i am pointing to regional settings" ---> Yes the remote desktop users are located in a different city about 100 miles from the terminal server location.

"keep in mind ...RDP should be same" ---> Remote users have not changed any settings. I have not changed any settings on my Terminal Server.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
is RDP still disconnecting regularly?

does it only do it when this application is being used?
0
 

Author Comment

by:sglee
Comment Utility
"does it only do it when this application is being used?" - Yes and that is only application that they run.

"is RDP still disconnecting regularly?" --> After I removed the W2008 virtual machine running Norton) on 11/5/2013, I only had three reported disconnects.
User1  11/6/13  3:48PM,  11/7/13 11:11AM
User2  11/7/13  12:33PM

So far today I have not heard from anyone yet. It could be they have NOT been disconnected or they have not simply reported incidents to me.
** Come to think of it, I have not rebooted the VMWare box since the problem has been reported although I rebooted Virtual Machines (Terminal Server and App Server). Maybe I should do that just to refresh everything?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
How many users run this application, and our connected at one time?

less than 10, or 100s?
0
 

Author Comment

by:sglee
Comment Utility
The number of con-current logins fluctuates between 10 and 15.
The Terminal Server (Virtual Machine) has 3GB RAM and 60GB HD Space (32GB Free) assigned.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
if they do not run the app, do they stay connected?

and all 15 users have been affected and submitted a Service Request of disconnection?

have they all been disconnected together?
1
 

Author Comment

by:sglee
Comment Utility
"if they do not run the app, do they stay connected?"  ---> I noticed that they simply close the Remote Desktop while leaving App open & running. I asked the users to close the APP AND LOGOFF (not just click [x] on Remote Destkop title bar). They have been better, but at the same time I don't check to see who left the session and app open every night.

"all 15 users have been affected and submitted a Service Request of disconnection?" --> only five core users seem to be complaining. But they have been doing this for 2 years and no problem all this time. As to the time of the beginning of the problem coinside with the time that I created another virtual machine to run Norton EndPoint Protection Management program and started receiving "lack of resource" email alert from it.

"have they all been disconnected together? " ---> Not sure. I can ask, but that was the reason that I asked the users to email me whenever they get this error in the future so that I can keep the log.
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
You  mention initially that this disconnect issue started all of a sudden. Were there any changes on the server OS, Vmware VM or network???

Were Windows updates installed recently?

Any updates to your AV software?

Is it possible you app has a memory leak? Did you check the event logs of memory related errors?

have you checked the Vmware VM performace charts for the VM?

Try to run procmon on the TS server to see what EXE/services are active when the diconnect occurs.

When the TS session drops is the TS session just dropping out or is networking to the VM dropping out as well?
0
 

Author Comment

by:sglee
Comment Utility
@compdigit44
(1) You  mention initially that this disconnect issue started all of a sudden. Were there any changes on the server OS, Vmware VM or network???  ---> I created a new virtual machine with Windows 2008 Std. in order to run Symantec EndPoint Protection Management software that manages about 10 workstations on the network. What I gather from users was that they started having a disconnection issue about the same time when I created the last virtual machine. Based on that feedback, I shutdown the server 2008 virtual machine to see if that improves the situation.  No user reported "disconnect" issue today yet. I will have to monitor it thruout the week to see if, in fact, creation of new virtual machine was the problem. I have not done anything to TS. Windows updates are disabled on this TS.

Before answering all other questions, let me talk to the users tomorrow to see if they really have not ran into any "disconnect" issue (since I have received any email from them with this problem TODAY). We will go from there.

I will keep you posted.
0
 
LVL 8

Expert Comment

by:piyushranusri
Comment Utility
waiting for reply on these points...did you check these

1. access same RDP from user profile from terminal server
2. access same RDP by your credentails from their location



please share the output
0
 

Author Comment

by:sglee
Comment Utility
@piyushranusri
It is rather difficult to do those tests even if I can log in with users credentials to the Terminal Server from my home (for example).
The reasons are:
(1) I don't know how to use their application software
(2) I guess I can run some modules to poke around, but if I use their credentials, I will kick them out of their RDP sessions. Furthermore they say that they get kicked out once or twice during 8 hour span. So I don't know how I can act like actual users for several hours only to see if I would get kicked out.
0
 
LVL 8

Expert Comment

by:piyushranusri
Comment Utility
to solve the issue dear friend, we need to look these parts also..is it possible that you take remote of user system and do this testing..and same share your system with user to login and ask him/her to check


please share the output
0
 
LVL 117

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
Comment Utility
Just a thought because this is common, users are not reconnecting to a disconnected session, that they have forced disconnected by mistake, e.g. hit the big X!

because it would generate the same error message!
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
You stated the issue happen after you create a two Vm to host Symantec. How was the second Vm created? Cloned, template etc.. Was the TS server created the same way orginally? Do the both you the same vSwitch? Do they same the same physical uplinks?
0
 

Author Comment

by:sglee
Comment Utility
@compdigit44
Sorry about not answering your question promptly ... a kind of crazy week it was.
(1) How was the second Vm created? ---> created from ISO. Not cloned. I don't have a template.
(2) Was the TS server created the same way orginally ---> I assum so. When I took over this customer account, TS1 was already there. The important thing about the time table is that the users started having this problem around the time I created a new VM (W2008) to run Symantec Endpoint Protection Management software. But then what is puzzling is that I shutdown that VM (TS2) and it is still happening.

Should I erase the TS2 VM from the inventory all together?

(3) Do the both you the same vSwitch ---> Yes.  One network adapter is being used.
(4) Do they same the same physical uplinks ---> Yes. No structural change I have made.
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
Did any part of the Symantec product get install on the TS server? Are you seeing any dropped network connects to the VM? Have you review the VM log files for this VM? Where any windows updates installed recently
0
 

Author Comment

by:sglee
Comment Utility
Did any part of the Symantec product get install on the TS server? ---> NO
Are you seeing any dropped network connects to the VM? ---> I don't know because I would not know where to go to check it out.
Have you review the VM log files for this VM? ---> where do I go to check the log?
Where any windows updates installed recently ---> it is set for "Never Check for updates".
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
use ping to the VM from remote location.
0
 
LVL 19

Assisted Solution

by:compdigit44
compdigit44 earned 250 total points
Comment Utility
The following link list all of the ESXi log file locations and their purpose:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004201

The specific VM log file are stored inside the folder of each VM if you have a standard built

For example: /vmfs/vmware/<vmname>/vmname.log

You can view this log files by connecting to you host via SSH or connecting to the console directly.

I hope this helps, I will try to check this tread later on, have to run to a meeting right now... ;-)
0
 

Author Comment

by:sglee
Comment Utility
@hanccocka
Here is the result from my computer pinging IP address of VM.

C:\Users\>ping xxx.mine.nu

Pinging xxx.mine.nu [24.123.xx.xx] with 32 bytes of data:
Reply from 24.123.xx.xx: bytes=32 time=41ms TTL=51
Reply from 22.123.xx.xx: bytes=32 time=46ms TTL=51
Reply from 24.123.xx.xx: bytes=32 time=180ms TTL=51
Reply from 24.123.xx.xx: bytes=32 time=41ms TTL=51

Ping statistics for 24.123.xx.xx:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 180ms, Average = 77ms

C:\Users\>
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Yes, did you do this from remote site?

and does it fail from the users desktop, at time of error.

indicating a network fault, which could also be internet, routing failure.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:sglee
Comment Utility
I just opened Event Viewer and saw one error and one warning in APPLICATION repeating itself thru out the day and every day on TS. There was no error in SYSTEM. I don't know if these are creating problems...
Event-Log---APP.doc
0
 

Author Comment

by:sglee
Comment Utility
Yes, did you do this from remote site? ---> yes
does it fail from the users desktop, at time of error. ---> I have not asked users to do it. They are hard to get response. They said that they can usually get right back to TS.
It seems that they get kicked out once or twice a day on average.
I have no way of knowing their network or routing ... so on so forth.

Assuming that there has been no change in remote user environment, it is happening too often.
Let me gather user's response as to how it went entire last week. That will tell me if NAV VM shutdown was any help.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
you need to establish if the ping stops, at the same time, they disconnect to rule out any network issue, or internet issue.
0
 
LVL 19

Assisted Solution

by:compdigit44
compdigit44 earned 250 total points
Comment Utility
from the remote site, open a command prompt and type in the following:

ping -t <tsservername> >c:\tsping.txt

Next open a TS session and work with it unti it kick you out.

Review te text file to see if there are any time outs when you session was dropped.

have you check your network switch for packet errors?

Did you review the Vmware log files: host, VM etc...?
0
 

Author Comment

by:sglee
Comment Utility
ping -t <tsservername> >c:\tsping.txt ---> this is a good idea. I will run it at the same time for comparison. Too bad it does not keep the date/time.

have you check your network switch for packet errors?  ----> I have not and don't know how

Did you review the Vmware log files: host, VM etc...?  ---> I have not.  

I am still waiting for remote users to get back to me with last week's statistics. I will keep you posted.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
You can download a trial of pingplotter that does log graphs with time and date!
0
 

Author Comment

by:sglee
Comment Utility
pingplotter ---> that is good to know. Thanks.
0
 

Author Comment

by:sglee
Comment Utility
Pingplotter is not "Free"?
0
 
LVL 117

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 250 total points
Comment Utility
PingPlotter is available in three editions - Pro, Standard and Freeware. See our feature comparison for a list of difference between these.

http://www.pingplotter.com/download.html

We use it all the time, at remote offices, to check and maintain links!

Latency is the killer with WAN and Internet Links, not Ping response!
0
 

Author Comment

by:sglee
Comment Utility
Thanks. I found it at the bottom of the page.
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
Sglee, could you upload the text file results of the ping test, vmware log or switch logs please so we can help you further. ;-)
0
 

Author Comment

by:sglee
Comment Utility
@compdigit44
I am running ping test on a remote computer. I will post TXT file tomorrow morning.
Just for the comparison, I will run from my office too.
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
I will keep an eye out for your reply today..
0
 

Author Comment

by:sglee
Comment Utility
@compdigit44
I just got two "ping test" results instead of one.
One thing I need to  tell you is that these remote users subscribe to cloud-based Terminal Server service. So first thing they do when they turn on their computer in the morning is connecting to off-site TS using Remote Desktop where they run Office Apps and other Apps. From that remote desktop session, they launch another Remote Desktop session to connect to my Terminal Server... so that you know.

I attached twoTXT files.
(1) From User computer - tsping_LisaPC.txt
(2) From User's remote desktop session - tsping_LisaTS.txt
tsping-LisaPC.txt
0
 

Author Comment

by:sglee
Comment Utility
Sorry, I pressed the wrong key after uploading one of two ping test files.
Here is the second one.
tsping-LisaTS.txt
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
so they have nested Terminal Server connections, not the best implementation!

which disconnects?

A ---> B --- C ?

A to B?

B to C?

Were they any disconnections during this record of pings?
0
 

Author Comment

by:sglee
Comment Utility
Were they any disconnections during this record of pings?  ---> I ran PING late in the evening after users have gone home. I should really run this test during the hours when they are connected to my Terminal Server, isn't it?

which disconnects? ---> They really do not connect to my Terminal Server directly because their printers are not setup on my Terminal Server. So they connect to my TS from their cloud based TS.
0
 
LVL 19

Expert Comment

by:compdigit44
Comment Utility
Ok, if I am understanding your setup. From workstation a user open a session to your cloud TS. From her they lauch another TS session???

Here is only remote possibility, I noticed the TTL value on your ping test were low at 56. Usually a windows destop ttl value is 128. My thought is since the user are connecting to a service over the internet they could be incurring delays in contacting the service. If the responce delay exceeds 56 ms. Then this could cause a drop out.

Just a thought...

Can you please run the following command and upload results:

pathping <tsconnectionname> >c:\pathping.txt
0
 

Assisted Solution

by:sglee
sglee earned 0 total points
Comment Utility
Sorry for a long delay ...
I spoke to a user and confirmed that the problem went away.
I am not sure if they said that because they did not want to run PING test that I suggested or not, but all of sudden they are not being kicked out of the RDP session anymore (or not as often perhaps???).

Assuming that I trust what the user said, I am not sure what action of mine fixed the problem:
(1) I shutdown the Win2008 virtual machine (on VMWare server) that was running Symantec End Point Protection Manager. This VM could have been resource hungry app that took away resources from the Terminal Server VM where a bunch of users connect to run an APP all day long
(2) In Remote desktop session, the users used to leave APP on the desktop (instead of closing the App when done for the day) screen before closing the session. So I asked them to close the App when they are done for the day and use "LOGOFF" instead of clicking X button from RDP title bar. Hopefully they are following my suggestions now.
(3) I changed "Idle Session Limit" to 1 Hour and "End a disconnected session" to 1 Hour as a part of troubleshooting a couple of weeks ago, but users complained that 1 hour was too short, so I changed "Idle Session Limit" to 8 Hours a few days ago.

Since the disconnection is not happening, according to users, I am going to close this case and thank you all for your help!
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
Any manner of things, such is IT!

Connecting back to a Disconnected Session can give a Protocol Error!

But hey, it's fixed, gone away, until next time....

if IT was perfect, we would not have jobs!
0
 

Author Comment

by:sglee
Comment Utility
So you think their rdp habit (leaving apps open, clicking X and reconnecting to the same session with apps already open) was the source of the problem?
If that is the case, they have been doing that for 2 years.
They started to complain about the same time when I set up a cm for Symantec.
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
It would be very difficult for us to confirm for sure, and even more difficult without a site visit.

Our Terminal Service setups for clients are disconnect and logoff at 60 minutes, this allows for users to be away for lunchtime for at least 60 minutes.

This also forces idle users off, and maintains licenses, we also reboot terminal servers daily, at 3AM.

Many different circumstances can cause the error message, in our Experience, users often never complain about issues, never log them, and then are not prepared to work with us with long standing issues (seem familiar) and then at the end of the year, SLA are missed anf fail, because a user complains to Management!

If they started to complain at the same time Symantec was implemented, this could be the issue.

Glad it's fixed, and that's what counts!
0
 

Author Comment

by:sglee
Comment Utility
True that!
BTW what is SLA?
0
 
LVL 117

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE)
Comment Utility
SLA = Service Level Agreement
0
 

Author Closing Comment

by:sglee
Comment Utility
To be honest, I don't know what fixed the problem, but one of these two: playing with session timeout settings on the Terminal Server or Shutting down another Virtual Machine recently setup to run Symantec End Point Protection Software.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

When we have a dead host and we lose all connections to the ESXi, and we need to find a way to move all VMs from that dead ESXi host.
Last article we focus in how to VMware: How to create and use VMs TAGs – Part 1 so before follow this article and perform the next tasks, you should read the first article how to create the TAG before using them in Veeam Backup Jobs.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now