none
IAG RDP connections getting disconnected RRS feed

  • Question

  • Hi All,
            One of my customer is having IAG (celestix's WSA3000) and he has published a number RDP applications (i believe he has 20 -25 RDP) using the template "Microsoft windows XP/Vista Terminal Services client" from "Client/Server and legacy application ".

    When the users are accessing the RDP application it is working fine for a couple of minutes say 20 minutes sometime 30 minutes and then it is disconnected.

    I have taken a network monitor capture from the client and from the IAG while replicating the issue and it seems the IAG is resetting the connection.

    Any help on this will be much appreciated.

    Thank you,
    Regards,
    Ganeshkumar R  
    Wednesday, September 9, 2009 12:47 PM

Answers

  • Hi Ganeshkumar,
    Session disconnects is not unusual for remote connections, as home connections are prone to frequent service disruptions. When a service disruption occurs, the RDP session gets disconnected and there's not much you can do about that. If the home users are using a wireless network, then it could benefit from boosting the network quality (by moving closer to the router, eliminating background noise, or even switching to a wired network), but ultimately, we need to accept the fact that home connections are unreliable by nature (which is why you pay $30 for a 7 Mbit connection, compared to hundreds of dollars for a T1 that's much slower).

    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Friday, September 11, 2009 6:45 PM
    Friday, September 11, 2009 6:45 PM

All replies

  • Hi Ganeshkumar,
    Session disconnects is not unusual for remote connections, as home connections are prone to frequent service disruptions. When a service disruption occurs, the RDP session gets disconnected and there's not much you can do about that. If the home users are using a wireless network, then it could benefit from boosting the network quality (by moving closer to the router, eliminating background noise, or even switching to a wired network), but ultimately, we need to accept the fact that home connections are unreliable by nature (which is why you pay $30 for a 7 Mbit connection, compared to hundreds of dollars for a T1 that's much slower).

    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Friday, September 11, 2009 6:45 PM
    Friday, September 11, 2009 6:45 PM
  • Hi Ben,
              Thanks a lot for your reply. I do agree with you that home connections are unreliable by nature. But I have checked this on a remote session (Gotomeeting session) and the RDP connection is disconnected within five minutes. I have done this test from my office network through a wired connection. Exactly what is happenning is after logging into the portal, i am able to access the RDP application which is published but after 5 minutes the RDP connection becomes unresponsive and it is disconnected. When it is disconnected a window is popped up with the error message "SSL VPN CONNECTION CLOSED - SERVER NOT RESPONDING".

    After the RDP connection is disconnected if i try to access it again then i am able to access and again the same problem. I have uploaded the screenshot of the error message on the below link:

      http://www.4shared.com/file/132237766/f74755cd/5429-error.html

    Please let me know your suggestion.
    Thank you,
    Regards,
    Ganeshkumar R
    Saturday, September 12, 2009 7:38 PM
  • Hi,

    Can you RDP directly without IAG in the middle and test the results of disconnection if you get the stable connection ?

    thanks,
    Faisal :>
    Monday, September 14, 2009 10:47 AM
  • Hi Faisal,
                Thanks a lot for your reply. If I access the RDP servers locally or from IAG box it is working fine without disconnection. Disconnection is happenning only when accessing through the portal. I have taken logs such as network captures, IDP (IAG all Data Packager), client traces. Please let me know your suggestion.

      

    Thank you,
    Regards,
    Ganeshkumar R
    Monday, September 14, 2009 10:53 AM
  • Just ensure that Socket forwarder is not dropping. May be check for any possible reset on the client end when connection is established. ensure whats on the WinSock stack on top order in NSP/LSP on the client machine. This might give you clues.

    thanks,


    Faisal :>
    Monday, September 14, 2009 10:57 AM
  • One thing to check is your current session timeout values.  In particular check your setting for inactivity timeout.  See if this value is close to the time that you see a disconnect.  If so, within the application settings you can check the "Ignore this application in inactivity timeouts" (I think that is the phrase). 

    Hope this helps.
    Thursday, October 8, 2009 7:14 AM
  • Hi Ganesh

    We have this exact same issue.  I'm using WSA6000's and have had the issue for going on 9 months with no solution.

    Ben is actually work with me to attempt to resolve.  I've worked with several of the Celestix support team as well on this but it's never been resolved.

    Our symptoms are nearly identical though.  RDP disconnect after 20-30 minutes and usually it's right at the ~20 or ~30 mark too, so much so that I start looking for it at those times and usually get it.  It has nothing to do with idle timeout - my users get it from home, and I can duplicate it from a workstation connected to the same switch as the WAN interfaces.  It happens even when I'm actively using the RDP session.
    This has happened with with 4 different WSA6000's - we own 2 but each has been RMA'd back to Celestix in less than a year for hardware issues :(
    We've also tested a IAG virtual machine in hyper-v and it does the same thing.
    the time to dropping the RDP session seems to increase somewhat in the evening time when our network load is less - then you get dropped within 1.5-3 hours but during the day it's consistently 20-30 minutes.

    Interestingly, when your RDP session drops and you get the disconnect icon blinking on your grayed out RDP session with the countdown, if you switch back to the IAG browser page and launch another RDP session - you dont even have to connect to anything - and your previously dropped session resumes where it left off.

    seems as if the network connector (and this was explained to me) that handles tunneling the RDP session on port 3389 times out for some reason, and drops the tunnel (thus dropping your RDP session), clicking the RDP link again in IAG resumes the tunnel for 3389 and your broken session recovers.
    I understand the issue with home networks, but the fact is - I absolutely never have had this issue with 1) cisco vpn client (havent used anyconnect yet) or 2) firepass ssl vpn.  IAG is the only product that I've had this issue with.  This is why I still suspect something with the network connector design (software) - to me, a product made with remote users as it's primary function should be as latency tolerant or interruption tolerant as possible.

    I'd be interested if this is being looked at with regards to UAG (I could see a delay or even reluctance to correct issues with IAG if UAG is its intended replacement soon, since the development resources are probably all focused there (UAG) but IAG was supposed to be our replacement for hundreds of users for the cisco client and now they have little confidence in it and have gone back to using our cisco client aside from about 20 or so users who tolerate the constant disconnects)  I'll definitely update here if we come to a solution!
    Tuesday, October 20, 2009 4:32 PM
  • Our company has also experienced the same random network drop problem with the IAG SSL VPN.  Our users report frequent network drops during their SSL VPN session, even when using robust wired and wireless Internet connections.  Microsoft technical support has tried to be helpful, but the best resource we've worked with himself calls IAG "flaky."  The next-generation UAG apparently suffers the same network drop issue, since the software runs on the OSI Layer 4 Session tier.  We strongly recommend not adopting IAG or UAG if you are looking for a reliable solution that does not ramdomly cancel remote network sessions. 

    Monday, February 8, 2010 5:26 PM
  • I have been called out to a customer with the exact same problem today, so I would just search for a solution. But it's apparently not found here!! Are there any IAG/UAG MVP's with a solution. Suggestions are appreciated.
    Tuesday, April 20, 2010 8:11 AM