Loyall
asked on
Pulse secure VPN: after sudden disconnect from RDS, unable to logon again
Hi,
Situation:
RDS 2012 R2 farm.
Remote users are logging in, using the Pulse Secure (Used to be Juniper Junos Pulse) VPN client.
After setting up a connection to our internal network, the users use a .rdp file to connect to the RDS gateway.
This works fine, performance is great.
But....
Randomly we receive calls from external users who are complaining about the following:
There are two versions:
--------------------------
1. A user successfully connects using the Pulse Secure client, logs on to the RDS farm and after some time, while being at work, the session seems to freeze/disconnect. After this happens they are no longer able to log on and receive an error:
Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect.
Type a valid Remote Desktop Gateway server address
After waiting some time, and trying to connect, out of the blue they can connect.
2. Users are starting to work, make connection to our internal network and try to start an RDS session.
They receive the same error and after a while and some tries they can connect.
--------------------------
We only have a few external users during day-time. Somewhere between 5-10 users.
I have connected to the user's laptop using TeamViewer, to see what's going on.
Even while they are successfully connected, I'm not able to ping our domain controller by hostname or IP.
I cannot ping our gateway by hostname or IP as well.
When the user successfully can connect, I get a reply to my pings.
Internally we don't see this behaviour, so I'm guessing it must be the Pulse Secure...?
Anyone, any ideas?
ASKER
Hi Qlemo,
Thank you for commenting on my question !
The connection is "up" the whole time. I've double-checked that.
The internet connection is still available as well. I can look at the user's desktop, using Teamviewer.
Disconnecting the Pulse Secure client and connecting again does not solve the problems.
Because we are using VPN, we don't have a thing like a public IP address for the gateway.
I cannot ping the LAN address of the gateway during the time of trouble.
When the difficulties are over, I am able to ping it and get a reply.
Company policies do not allow me to connect directly from the internet to the gateway.
ASKER CERTIFIED SOLUTION
ASKER
Hi Qlemo,
Thanks for giving it some thought!
I'll dive into it and let you know!
ASKER
For now, it looks like McAfee Access Protection is the cause of our problems.
I've downloaded the client logs from a user who had problems.
At the time of the start of the problems in the Application Eventlog a couple of lines like this one appear:
Access to object C:\Users\Username\AppData\Roaming\Pulse Secure\Setup Client\dsmmf.exe was blocked by rule User-defined Rules: Monitor creation of new folder in %appdata%.
So apparently the user has an older version of the client and receives from the Pulse Secure controller a signal that it has to be updated, which is not possible due to a strict implementation of McAfee Access Protection.
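Added example, not part of the original post: a small Python triage script that scans exported Application event log messages for Access Protection blocks of the shape quoted above and groups the ones that hit the VPN client's own files by rule and path. The timestamps, the second file path, the `VPN_MARKER` folder match and all helper names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message shape copied from the event quoted in the post above.
BLOCK_RE = re.compile(
    r"Access to object (?P<path>.+?) was blocked by rule (?P<rule>.+?)\.?\s*$")

# Assumption: any path below this folder belongs to the VPN client.
VPN_MARKER = "\\pulse secure\\"

RULE = "User-defined Rules: Monitor creation of new folder in %appdata%"
PULSE_FILE = (r"C:\Users\Username\AppData\Roaming"
              r"\Pulse Secure\Setup Client\dsmmf.exe")
OTHER_FILE = r"C:\Users\Username\AppData\Roaming\ExampleApp\update.exe"


def make_message(path, rule=RULE):
    return f"Access to object {path} was blocked by rule {rule}."


# Constructed sample: (timestamp, message) pairs as they might be exported
# from the Application event log. Times and OTHER_FILE are made up.
SAMPLE_EVENTS = [
    ("2016-03-01 09:14:02", make_message(PULSE_FILE)),
    ("2016-03-01 09:14:05", make_message(PULSE_FILE)),
    ("2016-03-01 10:30:41", make_message(OTHER_FILE)),
    ("2016-03-01 11:02:17", "Unrelated application message."),
]


def parse_block(message):
    """Return (path, rule) for a block event, or None for anything else."""
    m = BLOCK_RE.search(message)
    return (m["path"], m["rule"]) if m else None


def vpn_client_blocks(events):
    """Group blocks that hit the VPN client's own files by (rule, path)."""
    hits = defaultdict(list)
    for stamp, message in events:
        parsed = parse_block(message)
        if parsed and VPN_MARKER in parsed[0].lower():
            hits[(parsed[1], parsed[0])].append(
                datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    return {key: {"count": len(t), "first": min(t), "last": max(t)}
            for key, t in hits.items()}


if __name__ == "__main__":
    for (rule, path), info in vpn_client_blocks(SAMPLE_EVENTS).items():
        print(f"{info['count']}x {path}\n   rule: {rule}\n   first: {info['first']}")
```

Comparing the first-seen time of each group with the time the user reported the disconnect shows whether the blocked updater and the outage line up.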
Are you sure the Pulse connection is really up when everything fails?
Is the public IP of the gateway reachable by ping?
Did you consider using RDS Gateway with direct connection (without VPN)?