RE: ISA timing out outbound TermServ Session?

Hi Jim,

Thank you for posting in SBS newsgroup.

To narrow down the problem, would you please help me collect the following
information?

1. Do you mean you are connecting to Juniper TS system from home
workstation using the dsTermServ software or you are establishing SSL VPN
connection from the remote workstation to the home workstation?
2. Do you mean the issue does not exist before upgrading to version 5.3?
3. You said "The VPN session stays connected", do you mean the TS session
is established with the VPN tunnel?

Currently, please try the following steps:

1. Increase the value of Connection Limits from 40 to 160 on ISA 2004:

Open the ISA Server management console, navigate to Configuration->
General-> Define Connection Limits-> Connection Limit-> Limit the number of
connection-> Connection limit per client (TCP and non-TCP).

2. Disable the Firewall client on the workstation which is using Juniper
SSL VPN.
3. I suggest you put the remote workstation to the perimeter network which
bypasses the ISA Server and try establishing the SSL VPN to the home
workstation, will the TS session time out?
4. Collect the ISA info and ISA log:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-crinal@xxxxxxxxxxxxxx

Please also help to gather the ISA logs:

1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem (initiate an SQL access), stop the service, and
then gather the resulting W3C files to me for analysis.

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Jim G" <Jim G@xxxxxxxxxxxxx>
| Subject: ISA timing out outbound TermServ Session?
| Date: Thu, 31 Aug 2006 13:32:35 -0400
| Lines: 28
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| Message-ID: <uXilzNSzGHA.4576@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: station.aici.com 162.95.80.214
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:294444
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I've asked this in several ISA groups but have not received any responses.
|
| Could my ISA2004 SP2 be causing my outboud Juniper Networks SSL VPN
| workstation-to-workstation terminal servcies connection to timeout after a
| few short minutes of inactivity? The VPN session stays connected, my
| terminal services session (dsTermServ Module) made with the Juniper TS
| system times out.
|
| The Juniper system I'm logging into was recently upgraded to version 5.3.
My
| connection to the earlier version (4.x) never timed out. Now, I minimize
the
| TS (remote desktop) window, come back in several minutes and find that the
| TS session has timed out. I get the blinking one inch square disconnect
icon
| in the upper right corner.
|
| Here's the network:
|
| home workstation---ISA2004SP2 (SBS2003)---router---Internet
| device---WAN---corporate LAN with Juniper SSL VPN---remote workstation
|
| The kind folk at Juniper have not been any help. I have not made any
changes
| to ISA or AD between the two versions of Juniper dsTermServ.
|
| The ds_TermServ application is already an approved exception on my home
| workstation firewall. Where can I see what ISA is doing?
|
| Jim G
|
|
|

.

Relevant Pages

  • Re: remote location with no DC, need access to local share when DC
    ... When the DC is unavailable the workstation gets the error "this device ... already in use and the connection has not been restored". ... The views expressed, are my own and not those of my employer, or Microsoft, ... or anyone else associated with me, including my cats. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Changing Workstation ID in an adp
    ... ES> set when the Adp file is opened, but once it's there opening that adp ... ES> from another workstation does not change that value, ... VADIM, compiled it into ADE, and deployed on user's machine. ... you found out the connection shows VADIM as the host name. ...
    (microsoft.public.access.adp.sqlserver)
  • Re: Connecting a remote workstation to a domain
    ... Even setting up a low end workstation in the ... I have also selected not to dial an initial connection before ... remark that you will have to reboot the workstation. ... After the login script has finished and if you have Premium, ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Web Workplace Issue
    ... Are ports 4125 and 443 forwarded to your SBS NIC? ... opened these ports on the workstation with scope to network ... IntelPRO/1000 MT Network Connection ... The client could not establish a connection to the remote computer. ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote Web Workplace Issue
    ... Are ports 4125 and 443 forwarded to your SBS NIC? ... opened these ports on the workstation with scope to network ... IntelPRO/1000 MT Network Connection ... The client could not establish a connection to the remote computer. ...
    (microsoft.public.windows.server.sbs)