Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Terminal Service session interrupts/disconnects 2

Status
Not open for further replies.
Nov 20, 2003
51
DK
To provide external workers with office application functionallity we configured a Windows 2000 Terminal Server in application mode as well as port forwarding in our firewall to forward external TS connection attempts to this server.

Establishing the Server connection from the Internet works without any problems. Working with the TS gives also no reason for complain - but, when the user switches over from the TS destop to his own workstation desktop (ALT-TAB) the TS session is interrupted (not disconnected and still shown as active in TS Manager) and worse yet, a new connection attempt opens a new TS session.

All timers have been disabled in TS configuration and are set to override user settings.

Any idea's ?

Thanks for your help
Markus
 
Terminal Services Configuration - Server Settings - Restrict Each User to One Session. Make sure that is set to YES. That way, they won't be able to start a new session.
I know that doesn't answer the question of why they are getting disconnected when they ALT + TAB. Not sure about that one.
 
Thanks for the advice, but that would prevent the user from logging on again unless the old session has been reset by an administrator and that means plenty of work for me.. :-(

I just got additional information that the disconnection doesn't have to be "triggered" by ALT+TAB - sometimes it happens just of it's own while working.
 
You could change the settings to automatically reset a disconnected session after x amount of minutes.

But the bigger problem seems to be why they get disconnected in the first place. If it is happening to more than one user, then the problem lies on the server end. Possibly hardware? Maybe a faulty NIC on the server, a firewall/router setting, etc.
 
We have a Checkpoint Firewall that drops TS sessions after a couple of hours, how frequently are your disconnects happening?
 
Thanks pgaliardo for the advice but I rather would keep the users connected instead of also interrupting the application they have been working with :)

We experienced that users stay connected no matter what when establishing a connecetion from our internal network or over a VPN connection. So, yes I think we have to take a deeper look at the Internet part.

NickFerrar, how did you modify your firewall port settings maybe there is a port or idle time setting which I missed?

On the other hand, are there any additional idle time settings on the server or client to disconnect the client?
 
Markus,

The fact that Internal users are fine seems to indicate that your server settings are OK, so I wouldn't touch it. Definitely seems like a firewall setting. What type of router/firewall are you using? Perhaps there are logs you can check as to when RDP packets are being dropped. Maybe it will give some clue as to what is happening.
 
pgaliardo, thanks for staying tuned into this nightmare... we are using a SonicWALL firewall, and yes I also think the problem resolves from some misconfiguration, missing settings or bug within the firmware of the box. Unfortunately I'm not able to check on it before monday. I will keep you informed...
 
This could happen if your IP is refreshed from the isp.
G8orade
 
are they securing the connection with a vpn tunnel and then connecting via rdp? Mine does that also, but I've just hashed it off as a firewall burp. doesn't happen when I'm RDP'ing via a unsecure connection. i think this has to do with the vpn tunnel sleeping or being reset.
 
No, we don't use a vpn tunnel for this type of connection, but we just found a vpn time-out setting onthe Firewall which normally shouldn't have influence on this connection but seems to solve the problem.

Thank you all for your help in this matter.
 
TS is known to have this problem when there is a loss of connection, it is a right royal pain in the aaarrrsse. It has been fixed in 2003 but that is no good to you.

One tip you can give your users is to click the X at the top of the session to create a "clean" disconnection. This will at least allow them to reconnect to their session.

You can also improve things by tweaking their rules on disconnection, idle and active session limits. BUT take it easy here, test out the setting on an AD profile first.

Can't solve your firewall problem except to say that there is a lot of latency differences when you use the internet, so timeouts need to be high everywhere (the problem may be beyond your control).

Also you SHOULD be using a VPN to avoid "man in the middle" security exploits.

They can use windows to connect to your VPN manually or you can get their ADSL routers to join your VPN by default assuming they have a decent ethernet router (e.g. Draytek).

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top