Terminal Server 2K3 connection drop over VPN 1

[MattStar]

Hi,

We have a problem here with TS2K3 dropping all our connections at our remote office. All connections get dropped and users can't log back into TS again. However TS users who are located on the same network as the TS aren't affected. Computers at the remote site can still ping the TS server by name and IP address without Packet Loss.

The only way to get the remote users back on is to restart the Terminal Server - then it allows everyone back on! I have seen other posts with similar issues to this mention about checking firewall settings as firewall might think that we are being attacked but surely the system wouldn't work at all if that was the case. Also the connection is up for about a week and then goes down.

The Server has all patches required, there are no suspicious events in the event log so i'm at a loss as to what to do.

Any help / suggestions would be most appreciated.

Cheers,

 

[rayen99]

Hmm ouch that sounds like a tough one. One thing I might try doing is after the TS screws up and drops all outside connections try to telnet or netcat into the TS port. Which I think is 3389, but check your settings. Is the port open? Also how do users connect in from the outside, directly to the TS or through a VPN?

 

[adcfaq]

did u implem sp1?

 

[rayen99]

Oops sorry about the VPN question, duh. helps to read the titles sometimes.

 

[MattStar]

Hi,

Next time it goes down I will try to telnet the TS port and see about that. The VPN is an IPSEC Tunnel between 2 Firebox Firewalls which renegotiates every 10MB sent or 24 Hours (whichever comes first but usually the 10MB). I've checked to see if it comes at one of these negotiating times but there isn't any consistency in when it stops accepting connections from our remote office (as far as I can make out).

I've applied SP1 and any other patch that's on MSUpdate using the correct method (switch user to install, use update feature in add / remove programs). They were applied from the start of using the system but the problem has also been there since the start of the system!

Cheers,

 

[rayen99]

Is it possibly being trigged by the number of users logging in (or high activity)? If you can, maybe try locking everyone out and leaving only one logged in user to see if it still drops you.

 

[ebc70]

I have basically the same issue, although its not with Terminal server, but with Exchange 2003 server. We have a remote site that is connected to us via a vendor provided VPN connection (T1). From time to time I will get a call from the remote site stating that the users that connect directly to our Exchange server can no longer connect and the persons that connect to the Exchange server at the remote site can no longer get e-mail from the Internet. (We have 2 exchange servers one local and one at the remote site, but users that moved to the remote site still connect back to here for their e-mail)

When they can no longer connect I have TS'ed into a server at the remote location and pinged the local Exchange server, telneted to port 25, and telneted to ports all worked fine.

So on the local Exchange server I did a netstat to see if there was anything weird. The only thing out of the ordinary was a Time_Wait for a client address that didn't exist. It was in the correct network address (for the remote site) but it was an address that wasn't currently in use.(Couldn't ping it from either network)

After rebooting the Exchange server every thing is working again, the server is fully patched.

This behavior started about 2 weeks ago, before that we never saw this issue.

So my guess is its more with the Operating System than Terminal Services or Exchange Services since we both seem to be having the same issue.

If/when I find more information I'll post it....

 

[MattStar]

Well I've tried everything and recently the server went down at lunch time which gave me an ideal time to have a look around and try to rectify the problem without restarting the server.

I tried telnet to the TS port 3389 and I can still reach the port from the remote site. I can also still connect to resources on the server - in fact it seems to be running perfectly apart from not accepting the Terminal Server connections.

I checked all the user entitlements and we are still within our limits so it's not a licence issue.

I tried restarting the RDP on the server but it still wouldn't accept the connections which leads me to believe that it is also something to do with the operating system.

Just out of curiousity I am running a HP Proliant ML350 - What machine are you running it on.

Well it's not really a fix but more of a workaround this one but I have created a scheduled task to run a batch file every Saturday night at 11.00pm with the code "shutdown -r" in. This now restarts the server every weekend while nobody is using it and will hopefully mean no more down time as the server only seems to stop accepting connections after about a week or so.

 

[ebc70]

I'm running on a Dell PowerEdge 4300 with 1GB of ram and Dual P-III 550's. I've had some more disconnect/can't reconnect issues and took that chance to see what I could find out.

Workstation connected via VPN and workstation IP address was in the same network range as the Exchange server. For example 192.168.xxx.xxx/255.255.0.0 as network .. the Server would be 192.168.1.100 and workstation would be 192.168.2.100.

I could ping the server, and the server could ping the workstation. I could telnet to port 25 from client to server and connect and send a message.

But when trying to connect from the client to the server using Outlook it would fail, AND running netstat -n on the server didn't show a connection to the client when trying to connect with outlook.

After rebooting the server the client could connect fine, and netstat -n showed the client with a connection.

Eric

 

[compuwiz]

If you guys are having problems with Windows Server 2003 and VPN's take a look at Microsoft Security Update MS05-019 or Article ID: 898060. It may solve your problems. We are having similar issues here and have applied this update. So far all seems good !