SSL VPN
Reply
New User
tato386
Posts: 1
Registered: ‎04-02-2010
0

running WSAM client in terminal server session kills RDP service on server

We are a thin client based shop using Windows 2003 and Windows 2008 terminal servers to provide Office 2003 and a few lesser know applications to our employees.    Employees use WinXP PCs and Microsoft RDP client to connect to the terminal servers.

 

Recently we contracted with a vendor that uses Juniper WSAM V6.3 for VPN access to their system.  I thought that getting the WSAM client to work on the terminal servers was going to be a problem but surprsingly the install went well and our users begain to use WSAM to connect to the vendor with seemingly successfull results.

 

Unfortunately, things didn't stay well for long.  Soon after installing WSAM users begain complaining that they could not connect to the terminal servers.  This was confirmed by our IT staff.  We rebooted the servers and the problem seemed to go away but it didn't.  Now every couple of days the servers will randomly stop accepting client connections.  Users that are already connected continue to work but until we reboot the server it will no longer allow any new RDP connections.

 

After much troubleshooting I opened a case with Microsoft tech support.  They had me manually force a memory dump of the server while the problem was occuring.  Their analysis of the memory dump points to the file called NEOFLTR_630_14357.sys.  They say that this driver is not handling IRP requests correctly and preventing the server from access the terminal server licensing service and therfore the server does not allow new RDP connections to be established.

 

Microsoft would like me to upgrade this driver to the latest version or remove it.  I can't remove it because we need to access the external vendor data.  I can't upgrade because we are not Juniper customers and do not have access to download files from Juniper.  The vendor says they will not upgrade to V6.5 due to "compatibility issues". I think they simply don't want to upgrade and are merely using that as an excuse but I guess that's beside the point.

 

Anyway, what are my options now?  Is there some change I can make on my side to get this to work better?  Has anybody ever seen something similar?

 

Any input would be greatly appreciated.

 

Thanks,

Diego

 

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.