
SSLVPN, RDP, internal error, TCP RST

Hello everybody,
I hope someone can help me with our problem.

Starting position:
Small terminal server farm consisting of 1x broker server and 2x terminal server.
Establishing a connection and working in the LAN is therefore possible without any problems. The employees receive an "internal error" from the SSLVPN network under the following conditions:

a) Ping on TS-Farm on workstation resolves to terminal server A, there is an ongoing session on terminal server B for the user:
> Here it takes 3, 4, 5 attempts that break off every time with an "internal error". Suddenly it works. The client then connects to terminal server B.

b) Ping on TS-Farm on workstation resolves to terminal server A, there is no ongoing session. However, the broker sends the client to terminal server B:
> Here it also requires 3, 4, 5 attempts that break off every time with an "internal error". Suddenly it works.

This can be solved as well if you do an ipconfig /flushdns 3, 4, 5 times and ping resolves to the TS on which the session should be established.

Whenever the IP address of the terminal server is resolved to the one on which either a session already exists or a session is to be opened, it works without any problems. These problems do not exist at all in the LAN.

A Wireshark capture showed that the terminal server to be connected to in scenario a) or b) sends a TCP RST under the circumstances described. Reason unknown. I can't figure it out, all SOPHOS UTM settings have been checked multiple times.

Maybe someone has an idea for me why this could be?!

All the best, CK



This thread was automatically locked due to age.
  • Thanks, CK, I just wanted to confirm it was a message from the server instead of from the UTM.  If doing #1 in Rulz (last updated 2021-02-16) doesn't indicate that the UTM is blocking something, the problem almost has to be in the server and a Windows forum would probably get you better help for that than we here can provide.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA