Solved

RDP Disconnects

Posted on 2014-04-11
Last Modified: 2014-05-06
We are running Windows Server 2008 R2 Enterprise. One of the roles is for Remote Desktop Services. We run 2 terminal servers for our 2 branches. The access is also over a VPN tunnel. Each branch has their own router that connects back to us at the main branch. One server, starting about a week ago or so, causes the users to be disconnected. They tell me they don't get any error messages; they just go back to their PC and the icon for the remote session is gone. Nothing has changed in any settings. They have to start a new session and then get back in. It has happened several times in a day. They tell me it is all users when it happens.
I have no idea where to start to see what is happening.  

I have tried finding something in the logs and don't see any specific warnings in the time frames.

Can someone give me some assistance on how to troubleshoot why this is happening? Or other questions I should be asking the users to help pinpoint it?
0
Question by:bankwest
9 Comments
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 39995134
Do you have a host or network-based intrusion prevention system?  We see this kind of behavior when the rules have been tightened a little too much, usually without anyone bothering to mention that they are being changed.  And worst of all, when the connections are dropped "for security reasons" it never bothers to notify the users what has happened. It just looks to them like it is broken.
0
 

Author Comment

by:bankwest
ID: 39995138
We run Sonicwall routers and those have IPS running. Any ideas what I should look at, since that could be the case?
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 39995264
Is there an administrator for IPS? You could ask them to look at the logs to see if it is being blocked at the time the users are reporting a problem. It is common for only the security administrators to have access to these logs, which makes it hard to debug this kind of problem.

When you say you have looked at the logs, do you mean that you have looked at the Windows event logs on the Windows 2008 server? I would do that first.
0

 

Author Comment

by:bankwest
ID: 39995274
Yes, the logs on the server.

The reason your first comment made sense was that our main location Sonicwall had to be reconfigured (long story) and it's possible we have missed something. No backup config file. Bet that don't happen again. Now I am the one trying to figure out how to fix it.

I am as good as it's going to get on admin for IPS. I have looked at router logs and one branch has a lot of

Unknown Porotocol dropped  Src IP  10.0.0.2     Dst. IP 224.0.0.1

But I don't see that particular message on the other one.
0
 
LVL 11

Accepted Solution

by:
MajorBigDeal earned 500 total points
ID: 39995596
Based on that information it sounds like it might be a straight network configuration problem (possibly VPN related) rather than an IPS issue.   I didn't realize that the network was just reconfigured prior to the problem starting.  

What do the addresses 10.0.0.2  and 224.0.0.1 correspond to?
0
 

Author Comment

by:bankwest
ID: 39998979
I don't know and not sure how to find out????

I inherited this job and am learning as I go. So, sorry... but with some assistance I am willing to learn.

If I ping -t 224.0.0.1, it comes back with the IP addresses of 2 of my network printers. Not sure why just those 2. One is a Xerox 8560 and the other is a Sharp 453. We have about 15 network printers. Mostly HP. But a few Sharps and only the one Xerox.
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 40000471
If you are going to be the IP network admin, then the first thing you need to do is figure out exactly what all the connections in your network are.  

So starting at layer 1, you would identify what is connected to every port. This can be quite difficult on a large network but hopefully yours is not that big. The first thing I would do is make a list of every device that you think might be connected to your network and what its IP address is (not all devices have IP addresses) and what its MAC address is (a device connected to an Ethernet port has to have a MAC address).

Then I would look at the tables on the routers and switches and, for every single port, identify a correspondence to IP and MAC addresses. There can be more than one address on each port. I would give you the commands for this but I am not familiar with SonicWall devices so you'll need to do some trial and error. Update the spreadsheet some more. Hopefully the info you find will not conflict with the info you previously collected and your knowledge of your network will be increasingly comprehensive.

Now review the info and look for discrepancies.  Are there any ports that are in use but you have not been able to identify what they are for?  Are there any addresses configured in a device but you don't know what port they are on? Are there any addresses showing up in your network but you don't know the corresponding device?  Doing this, you might find some devices that you did not previously know about and you will learn the network structure.

Once you have a map of your network, you will be in a much better position to debug problems. Getting back to your current problem, I would suggest temporarily turning off the IPS for as short a time as possible in order to see if the problem still happens. If the problem still happens then you have eliminated the IPS as a cause. If the problem stops happening then you have identified where you can focus your debugging. Either way you will move forward in the debugging process.
0
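The inventory cross-check described in the comment above, as an added example that is not part of the original thread: it parses Windows `arp -a` output and reconciles it against the device spreadsheet. All addresses, MACs and device names are constructed; multicast group addresses such as 224.0.0.1 (the all-hosts group) and broadcast entries are set aside because they do not identify a single device.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
ARP_OUTPUT = """
Interface: 10.0.0.5 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              00-17-c5-aa-00-01     dynamic
  10.0.0.10             00-17-c5-aa-00-10     dynamic
  10.0.0.31             00-00-aa-bb-cc-31     dynamic
  10.0.0.77             00-de-ad-be-ef-77     dynamic
  224.0.0.1             01-00-5e-00-00-01     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# Constructed inventory rows, as kept in the spreadsheet: (name, IP, MAC).
INVENTORY = [
    ("router-main", "10.0.0.1", "00:17:C5:AA:00:01"),
    ("server-ts1", "10.0.0.10", "00:17:C5:AA:00:10"),
    ("printer-a", "10.0.0.30", "00:00:AA:BB:CC:31"),
    ("printer-b", "10.0.0.32", "00:00:AA:BB:CC:32"),
]

ROW = re.compile(r"^[ \t]*(\d+(?:\.\d+){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\b", re.M | re.I)

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Split ARP rows into unicast hosts {ip: mac} and multicast/broadcast IPs."""
    hosts, non_hosts = {}, []
    for ip, mac in ROW.findall(text):
        if ipaddress.ip_address(ip).is_multicast or norm_mac(mac) == "f" * 12:
            non_hosts.append(ip)   # group/broadcast address, not a single device
        else:
            hosts[ip] = norm_mac(mac)
    return hosts, non_hosts

def reconcile(inventory, hosts):
    """Compare observed hosts with the inventory and list the discrepancies."""
    by_mac = {norm_mac(mac): (name, ip) for name, ip, mac in inventory}
    report = {"unknown": [], "ip_mismatch": [], "not_seen": []}
    for ip, mac in sorted(hosts.items()):
        if mac not in by_mac:
            report["unknown"].append((ip, mac))
        elif by_mac[mac][1] != ip:
            report["ip_mismatch"].append((by_mac[mac][0], by_mac[mac][1], ip))
    seen = set(hosts.values())
    report["not_seen"] = sorted(n for m, (n, _) in by_mac.items() if m not in seen)
    return report
```

A device listed under `not_seen` is not necessarily missing: an ARP table only holds neighbors on the local segment that were contacted recently, so it may simply be idle or behind a router.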
 

Author Comment

by:bankwest
ID: 40009786
MajorBigDeal

You recommended to make a list of every device that you think might be connected to your network and what its IP address is (not all devices have IP addresses) and what its MAC address is (a device connected to an Ethernet port has to have a MAC address).

I do have this list.

I have not had time to really dig into the Sonicwall.

I hope to make more progress next week.
0
 
LVL 11

Expert Comment

by:MajorBigDeal
ID: 40009932
OK, I don't think I'm going to be much help to you.    Perhaps someone with experience using a VPN on Sonicwall will drop by.   You might want to click on "request attention" and see if the moderators can bring someone more qualified into this question to try to help you.
0


Question has a verified solution.
