Cannot connect to Windows 2008 R2 Server via WyseS10 dumb terminal

Lourens van Dyk
Lourens van Dyk used Ask the Experts™
on
To whom it may concern

I have a strange problem at one of my clients.  When trying to connect via Wyse S10 dumb terminal, it would hang on screen as per attachment (RDP Connection Hang).  So no RDP session opens.

What I tried:
Connect via my laptop with RDP on same address and port and it will open the remote desktop session and I am able to log on.  

I can make a new connection on the dumb terminal to another Windows 2008 R2 server and it will connect without a problem.

Address that I use to connect:
129.205.133.147:3391
(RDP Connection Properties attachment, the attachment did cut off on the address, but the port is 3391)
Wyse Terminal System Settings:
(System Information attachment)

Server details that I connect to:
Windows Server 2008 R2 Standard 64-bit
Intel Xeon E5670 @ 2.27GHz
8GB Ram

Attached Remote Desktop Licensing Server Screen
(License Manager on Windows Server 2008 R2 Standard)

Server runs Kaspersky 10 Endpoint Security (Cloud version)

The terminals worked before, but after Kaspersky installation and reboot, the terminals did not want to connect.  This has been tested local on the network and now via the Public IP address.

Please advise and assist to sort out the problem and get the dumb terminals to connect via RDP to the server.

Please let me know if you require further details.

Kind Regards

Lourens
System-information.jpg
RDP-Connection-properties.jpg
RDP-Connection-Hang.jpg
License-Manager-on-Windows-Server-20.jpg
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
Since the dumb terminal connects to other server instances then the problem is not on the dumb terminal.  Since you can connect to the server in question then the problem is not caused by the server running out of licences or sessions.  Most likely, the problem is that the dumb terminal already has an active session on the server that is currently locked for one reason or another.

A reboot of the server will resolve the issue.  If a reboot is not feasible at the moment, you will have to go through each of your sessions to find the one linked to this dumb terminal.  It may be difficult though since your dumb terminal is logging in as administrator.  Usually I recommend creating a user for each dumb terminal so that these kind of issues can be quickly resolved.

-saige-
Shaun VermaakSenior Consultant
Awarded 2017
Distinguished Expert 2018

Commented:
We had issues with this too. If I remember correctly we upgrade firmware/embedded OS
Lourens van DykSenior Network Engineer

Author

Commented:
Hi it_saige.  Thank you for the response.  I did disconnect the sessions for administrator on the server and created a new account with permission to RDP to the server, but the problem still remains.  It will basically hang as per attachment (RDP Connection Hang) and later will say connection failed.  

As per Shaun Vermaak 's response.  The unit is out of warranty and I tried going to Dell's website to download the firmware, but you need to be  registered and have some sort of an agreement in place to be able to download the firmware updates.  So if you have an account or can send me the files or where I can download, then I can do the firmware upgrade.  Also I have not done a firmware on these units before so if you can guide me, that would be great.
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Distinguished Expert 2018

Commented:
If this is the case, then the only legitimate option may be actually replace the terminal. Those are devices that came out 10 years ago, so support isn't really going to be an option at this point. S10 EOL was announced 5 years ago. Some of the 3010s (which replaced the S10) have EOL announcements, so I'd say get the 3030, which at least would have you replacing the hardware with the right stuff and would currently be supported.
1) Don't even begin to expect it to work from offsite until it works locally!
2) The security protocols have radically changed since Wyse OS 6.5 came out so testing with another O/S isn't going to help either.
3) If it was working before Kaspersky, the hits I found were in changing the firewall settings for Kaspersky so it would allow the traffic; but, there is not enough information here to know the exact name and version of the Kaspersky product you installed.
Did you think of uninstalling it to see if it started working again?
And/or does the product offer you the option of a custom install without the firewall component?
Tom CieslikIT Engineer
Distinguished Expert 2017

Commented:
Double check on DC if user account you're trying use in connection has no limit to workstation he can connect from.
Lourens van DykSenior Network Engineer

Author

Commented:
Have checked with Dell and the support agent said that they do not support that unit any more and don't have the firmware updates.  They also advised that the units need to be replaced.  

The Kaspersky Version that we use:
Kaspersky Endpoint Security Cloud

Kaspersky Endpoint Security 10 - 10.3.0.6294
Kaspersky Security Centre 10 Network Agent - 10.4.368

The Firewall portion is disabled as they have a Sophos UTM in place.

Normal RDP works.  When I would remote desktop from my laptop, there is no problem.  Only from the wise dumb terminal, I get the problem.  Is there anything port or service that needs to be added for Wyse Terminal?  But on the otherhand one can connect with the UTM in place.

I connect with administrator and even created a new user to test.  No time limit is configured for the accounts that connect via RDP.
Distinguished Expert 2018
Commented:
Have you tried working with the Trusted Zone settings in Kaspersky? You'll probably have to add exclusions and trusted applications.

Your other choices would be to disable Self-Defense and Protection against external management, or to remove Kaspersky (which I doubt you want to do).

And to directly quote something from Davis: "Don't even begin to expect it to work from offsite until it works locally!"
You can try temporarily disabling "self-defense" in Kaspersky to see if that does the trick:
https://support.kaspersky.com/9399#block1
Lourens van DykSenior Network Engineer

Author

Commented:
Good day

The dumb terminals are now working.  After disabling self defense from Kaspersky Endpoint Cloud for the Server and then restarting the server fixed the problem.  I basically created a security profile that has the self defence component disabled and linked it to the server.  Tested remotely and works 100%.  Will install onsite tomorrow to connect locally.  Firmware still the same.  Will try to replace on next upgrade as the age of the units is too old, but for now we can squeeze a bit of life out of them.  

Thank you for all the support and assistance.  Much appreciated.

Kind Regards

Lourensvd

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial