locked
What is the proper method to terminate connections from the server side? RRS feed

  • Question

  • I have a user who get's connected and 10-15 seconds later the connection just ends.   I check his local event viewer and it shows that the IP being requested is being denied as it is in use and a new IP is not being assigned.   I then checked the Web Monitor and see that this user has about 15-17 sessions.   I've tried to terminate then but that is not working.  Meaning they are not being terminated and are still aculamating time.   Now, maybe becuase this is a 2 device array and 7 sessions are on one device and 8 are on another .... ?    I attempted the same from a standalone IAG and it seemed to work.  (Well I had 2 sessions and I cleared 1 and the status did changed.)  The statuses are not changing for these.   Any help would be greatly appreciated.
    Saturday, September 25, 2010 12:16 AM

Answers

  • Hi,

    It seems to me that this issue is resolved, so I'm marking the question as resolved. If this is a misunderstanding on my part, please unmark it.

     


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, October 25, 2010 9:27 PM
    Monday, October 25, 2010 9:26 PM

All replies

  • Are these DirectAccess connections?

    Thanks!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Monday, September 27, 2010 2:34 PM
  • Yes.   I believe so.   I apologize for being so new to the technology but the user's are setup to login a UAG Web Portal and then they start the SSL connection.    This users gets connected for about 10 seconds and then it just ends.   I check the event viewer and see that the DHCP portion is failing due to the IP being used and he can't get/stay connected.    I then checked the Server and see that there were about 15-17 authenticated sessions and each time I click on terminate, I get the confirmation and then the screen refreshes to show me tha the connections are not being dropped....?

    Yet, I was able to terminate my single connection...?   So, the process works but I'm not sure why not on his.

    This  might come across as a second question but when you say DirectAccess, what else is there?

    Monday, September 27, 2010 4:26 PM
  • It sounds like you're more interested in the SSL VPN server component of UAG and not the DirectAccess feature set.

    To learn more about DirectAccess, check out:

    http://www.microsoft.com/windowsserver2008/en/us/directaccess.aspx

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Tuesday, September 28, 2010 3:44 PM
  • Actually you have posted to the right forum, since this is the forum for "all things UAG", whether web publishing, SSL VPN or DirectAccess.

     

    To terminate a session on the UAG server side, launch the UAG Web Monitor, click on the number representing the Total Sessions for a trunk, and then scroll all the way to the right and click on the Terminate button for the selection you want to disconnect.

     

    HTH,

    -Ran

    Tuesday, September 28, 2010 11:31 PM
  • Ryan,

    Thanks.  I did that.  The page refreshed and the sessions were still there.   As of today they are gone but I think someone may have restarted the services or something becuase the numeber of connections are way down and all of this particular users sessions are gone.   Now, a co-worker stats that the hung 17 sessions should not matter as we have a 10000 user limit and there were only a couple thousand on at the time.     When I looked at the users Event Log it show where the IP being requested from the session was denied and he had trouble being issue a different one....

    Wednesday, September 29, 2010 2:38 PM
  • Hi,

    It seems to me that this issue is resolved, so I'm marking the question as resolved. If this is a misunderstanding on my part, please unmark it.

     


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, October 25, 2010 9:27 PM
    Monday, October 25, 2010 9:26 PM
  • BTW - since I asked if this was a DirectAccess connection, I'll answer it as if it were :)

    If you want to make sure that you block out your DirectAccess clients (stolen notebook, etc), you need to:

    • Disable the computer account
    • Reset the user's password
    • Disable the user account

    Actually, if you reset the user's password, you don't need to disable the user account. I prefer the password reset, since when you do that, the user can still access resources through web interfaces (OWA, UAG portal, etc) with the new password that you give the user over the phone, over TXT or whatever.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Thursday, October 28, 2010 2:35 PM