dsaum

New Member
Joined
Jan 5, 2016
Messages
3
First and foremost, hello all! I'm new to the forum and it looks like there is a great wealth of knowledge here! Thanks in advance for all your help! Now.. onto the vexing issue I'm having..

I work for a large corporation and we maintain quite a large number of machines across the country. As some machines are left unused, they drop out of AD, and every so often I go in and remove accounts and shut the machines down so they basically unusable unless you have the admin account to boot them back up. The problem I'm having is that when I RDP into the machines, I can only stay connected for about 30 seconds or so, and the remote machine stops pinging and my session drops. The remote machine does NOT reboot or crash, it just stops pinging. After about 20-25 minutes, I can reconnect to it, and get about another 30 seconds or so, but the same thing happens again. When I do reconnect, all my previous windows are still open and the uptime has not reset.

Also, I thought it might be a security issue, so I tried disabling Symantec as soon as I get in, but that makes no difference. Any help would be greatly appreciated! Thanks!

Dave
 


Solution
I would test and see if you have this issue with a remote computer on the same LAN segment so that you can verify that it works. If it does than it's more than likely network related, such as a security appliance or firewall. An example and somewhat common issue is if you have SACK (Selective ACK) enabled for TCP the security appliance will modifythese SACK sequence numbers which is a security feature. This basically causes the connection to essentially turn it into a one-way communication because the TCP sequence is broken if that makes sense. If the local remoting works, you may want to try running wireshark on the remote computer and your computer and capture the RDP connection and disconnect. If you can get those I'd be happy...
I would test and see if you have this issue with a remote computer on the same LAN segment so that you can verify that it works. If it does than it's more than likely network related, such as a security appliance or firewall. An example and somewhat common issue is if you have SACK (Selective ACK) enabled for TCP the security appliance will modifythese SACK sequence numbers which is a security feature. This basically causes the connection to essentially turn it into a one-way communication because the TCP sequence is broken if that makes sense. If the local remoting works, you may want to try running wireshark on the remote computer and your computer and capture the RDP connection and disconnect. If you can get those I'd be happy to look at the network captures.
 


Solution
Thanks so much for your suggestion, but I just tried it and got the same result. Very aggravating! Again, I really do appreciate the help! :nerdie:
 


Are you able to provide a wireshark capture on both computers?
 


Back
Top