Thanks for reading my questions, this forum is my last resort as I am out of ideas.
We have users that connect to a remote server outside of our network to perform some admin tasks and everything has been working fine until a few weeks ago. Users started complaining that their RDP session keeps freezing then drops completely with the error message "Your remote desktop services session has ended. The connection to the remote computer was lost, possibly due to network connectivity problems." I have tested this from multiple PCs and from multiple locations with the same result. The following was captured with Wireshark hopefully someone can shed some light on what's going on.
Well, 5 packets out of a complete stream is not a lot to go by when trying to find the source of the problem. But here goes anyway :-)
Assuming you captured near the client and that your capture and display filters did not filter out the packets coming from the server (you did see server packets earlier in the trace, didn't you?), then I would say that indeed the connection to the RDP server is interrupted. The client keeps sending data and retransmitting it, but it does not get a response (not even by an ACK at the TCP level) and finally shuts down the connection, which results in a TCP RST in frame 4246.
You might want to capture data on both the client side and the server side to verify that all packets do arrive at the RDP server.
I suspect there might be a statefull device (Firewall or LoadBalancer or similar) that might have dropped the session and now blocks traffic. What devices are on the path from the client to the RDP server?
answered 20 Dec '12, 02:50