SRX Services Gateway
Visitor
Bhisham
Posts: 4
Registered: ‎12-26-2010
0

RDP,OUTLOOK get disconnected!!!

Hi all,

I am new to Juniper and first of all I would like to say HI!!! to all.

I am stuck with a problem!!! I have an SRX 240 Series Juniper gateway.

The SRX 240 is the gateway for a VLAN (which is on my core switch). The issue is that Outlook and RDP get disconnected very frequently. This issue is occurring on Windows 7 PCs; earlier it occurred on XP as well, but after stopping the OS firewall it started working fine.

Has somebody faced the same problem? Please help!!

All protocols and services are allowed through the SRX; even then this issue is happening.


Thanks

Bhisham

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008
0

Re: RDP,OUTLOOK get disconnected!!!

Hi,

What JUNOS version do you run on the SRX 240? There have been issues reported that the ALG for remote procedure calls causes problems on certain versions of JUNOS. As Outlook communicates with Exchange through the MAPI interface, which is based on RPC, this could explain your problems.

Try to disable the MS-RPC ALG with this command in configuration mode (+commit):

set security alg msrpc disable

In general, I would highly recommend upgrading to JUNOS 10.2 R3. The RDP drops are not so easy to explain. Are the clients disconnected while working, or were they idle for some time? Because the SRX drops sessions after (usually) 30 minutes of inactivity. This is by intention to prevent session table overflow from deprecated sessions. If this is the case, you could increase the timeout value in the application object, e.g. by

set applications application RDP destination-port 3389 inactivity-timeout 86400

and using that application in your policy, or you could enable RDP keep-alives in group policy (or registry), which keeps the session alive even if the user is idle for some time.

If the disconnects happen when the user is working, a more advanced analysis might become necessary.

 

Kind regards,

Dominik

JNCIE et al.

--
The Axiom of Choice is obviously true, the well-ordering principle obviously false, and who can tell about Zorn's lemma?
Visitor
Bhisham
Posts: 4
Registered: ‎12-26-2010
0

Re: RDP,OUTLOOK get disconnected!!!

Hi Dominik,

Thanks for all the information!!!

The SRX is running JUNOS Software Release [10.0R3.10] and MSRPC is already disabled, but I am still having the same problem.

When I try to connect to any system from this VLAN, it gets disconnected within 1-2 minutes, and this is while I am working on the system. After disabling the firewall on Windows 7 it is still disconnecting, but not so frequently. The same problem occurred on an XP desktop as well, but after stopping the firewall services it started working fine.

Please let me know what I should do.

 

Regards,

BHisham

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008
0

Re: RDP,OUTLOOK get disconnected!!!

Just a supplemental. Here is a link for enabling RDP keep-alives, if that is the problem (posting from Sean, starting with "hmm ... attention to detail .... thankya ColdRain :smileyhappy:"):

http://forums.whirlpool.net.au/archive/391282

The reason, by the way, why subsequent RDP packets are dropped if the session has been closed due to inactivity, although they would be permitted in general, is that the SRX expects a TCP session to start properly with the 3-way handshake SYN, SYN+ACK, ACK. A packet from a session that is already established from a client's perspective doesn't have the SYN flag set and is therefore dropped by the firewall.

This behavior could be changed by issuing this command:

set security flow tcp-session no-syn-check

although for security reasons, I would not recommend it and would prefer to either increase the session timeout for RDP or enable the keep-alive.


Regards,

Dominik

 

JNCIE et al.

--
The Axiom of Choice is obviously true, the well-ordering principle obviously false, and who can tell about Zorn's lemma?
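
The behaviour described in the post above, as an added example that is not part of the original thread and is not Juniper code: a simplified Python model of a stateful session table with an inactivity timeout and a SYN check. Only client-side packets are modelled; the class, function and timeline names are hypothetical, and the client port and timestamps are constructed.

```python
"""Simplified model of a stateful firewall's TCP session table (added example)."""
from dataclasses import dataclass, field

SYN, ACK = "S", "A"

@dataclass
class FlowTable:
    inactivity_timeout: int = 1800   # seconds; the ~30 minute figure from the post
    syn_check: bool = True           # False models "no-syn-check"
    sessions: dict = field(default_factory=dict)  # flow key -> last-seen time

    def packet(self, now, key, flags):
        """Return 'forward' or 'drop' for one policy-permitted TCP packet."""
        # Age out sessions that have been idle for the whole timeout.
        for k, last in list(self.sessions.items()):
            if now - last >= self.inactivity_timeout:
                del self.sessions[k]
        if key in self.sessions:          # known session: refresh idle timer
            self.sessions[key] = now
            return "forward"
        if flags == SYN or not self.syn_check:
            self.sessions[key] = now      # new session is created
            return "forward"
        return "drop"                     # mid-stream packet, no session, no SYN

# Constructed flow: addresses from the trace filter in the thread, client port invented.
KEY = ("10.1.1.1", 40000, "10.1.1.2", 3389, "tcp")

def replay(table, events):
    return [table.packet(t, KEY, flags) for t, flags in events]

# Constructed timelines (seconds, flag): connect, then resume after 40 idle minutes.
IDLE = [(0, SYN), (1, ACK), (2401, ACK)]
KEEPALIVE = [(0, SYN), (1, ACK), (601, ACK), (1201, ACK), (1801, ACK), (2401, ACK)]

def run_all():
    return {
        "default": replay(FlowTable(), IDLE),
        "timeout_86400": replay(FlowTable(inactivity_timeout=86400), IDLE),
        "keepalive": replay(FlowTable(), KEEPALIVE),
        "no_syn_check": replay(FlowTable(syn_check=False), IDLE),
        # An ACK that never had a handshake: the cost of disabling the SYN check.
        "stray_ack_strict": replay(FlowTable(), [(2, ACK)]),
        "stray_ack_no_syn_check": replay(FlowTable(syn_check=False), [(2, ACK)]),
    }

if __name__ == "__main__":
    for name, verdicts in run_all().items():
        print(f"{name:24} {verdicts}")
```

The last two entries show why the longer timeout or keep-alives are the safer fix: with the SYN check off, a packet that never belonged to a handshake is accepted as a new session.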
Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008
0

Re: RDP,OUTLOOK get disconnected!!!

Hi,

First, I would in general recommend upgrading to 10.2 R3. Lots of things have improved with that release, so before we invest hours into debugging, give it a try.

If the problem persists, I suggest enabling flow debugging for a client to see what happens to the packets. You can do this by issuing these commands (import them by load patch terminal and then paste the lines from here):


[edit security flow]
+    traceoptions {
+        file flow.debug;
+        flag basic-datapath;
+        packet-filter filter1 {
+            source-prefix 10.1.1.1/32;
+            destination-prefix 10.1.1.2/32;
+        }
+    }
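
Review bot: packet-filter filter1 matches only one direction (source-prefix 10.1.1.1/32 to destination-prefix 10.1.1.2/32), so replies from 10.1.1.2 back to 10.1.1.1 will not appear in flow.debug; add a second packet-filter with the two prefixes swapped. The filter also carries no port match, so every flow between the two hosts is traced rather than only the affected service, and the traceoptions stanza should be deleted again once the capture is done.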

You can of course change the filename as you like, as well as the filter name. As source and destination prefix I suggest providing the IP of your client and your server respectively, and of course in the case of RDP, including a filter for destination-port 3389.

Then we can have a look at what happens between your client and your server. In addition, it might be useful to get a packet trace from Wireshark on your client because it will give us the most insight into what happens on the wire.


Regards,

Dominik

 

JNCIE et al.

--
The Axiom of Choice is obviously true, the well-ordering principle obviously false, and who can tell about Zorn's lemma?
Visitor
Bhisham
Posts: 4
Registered: ‎12-26-2010
0

Re: RDP,OUTLOOK get disconnected!!!

Hi,

Ok fine!! I will upgrade it and get back to you :smileyhappy:


Regards,

bhisham

New User
Yurax
Posts: 1
Registered: ‎12-13-2012
0

Re: RDP,OUTLOOK get disconnected!!!

Hi Bhisham, how are you, fellow?

Did you solve the problem with the RDP connections?
I have the same problem at my customer, who purchased an SRX100H.

Could you tell me what you did to solve it?

Thanks!

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.